Basic authentication in asp net core


ASP.NET is a popular programming language used for building web applications. One of the key features of ASP.NET is its support for authentication, which allows developers to secure their applications and control access to certain resources. In this article, we will explore how to implement basic authentication in ASP.NET Core.

What is Basic Authentication?

Basic authentication is a simple and widely supported authentication that is based on sending a username and password in the HTTP request headers. The server then verifies the credentials and grants access to the requested resource if they are valid.

Implementing Basic Authentication in ASP.NET Core

To implement basic authentication in ASP.NET Core, we can leverage the built-in authentication provided by the framework. This middleware allows us to easily add authentication and authorization capabilities to our application.

First, let's start by adding the necessary NuGet packages to our project. Open the NuGet Manager Console and run the command:

Install-Package Microsoft.AspNetCore.Authentication

Once the package is installed, we need to configure the authentication middleware in our application's startup class. Open the Startup.cs file and add the following code to the ConfigureServices method:

This code configures the authentication middleware to use the “BasicAuthentication” scheme and specifies the BasicAuthenticationHandler as the handler for this scheme. The handler is responsible for validating the credentials and authenticating the user.

Next, we need to create the BasicAuthenticationHandler class. This class will implement the authentication logic and validate the credentials. Here's an example :

In this example, we if the request contains the “Authorization” header. If it does, we parse the header and extract the username and password. We then validate the credentials against our authentication logic. If the credentials are valid, we create a claims identity and principal, and return an authentication ticket with the authenticated user.

Protecting Resources with Basic Authentication

Now that we have implemented basic authentication, we can protect our resources by applying the [Authorize] attribute to the desired controllers or actions. For example, let's say we have a UsersController with an action that returns a list of users:

 IActionResult GetUsers()
    // TODO: Retrieve and return the list of users

By adding the [Authorize] attribute, we that only authenticated users can access this action. If an user tries to access it, they will a 401 Unauthorized response.


In this article, we have explored how to implement basic authentication in ASP.NET Core. We have seen how to configure the authentication middleware, create a custom authentication handler, and protect resources using the [Authorize] attribute. By following these steps, you can add basic authentication to your ASP.NET Core applications and secure your resources.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents