You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+38-1Lines changed: 38 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -143,7 +143,44 @@ public class BasicUserValidationService : IBasicUserValidationService
143
143
}
144
144
}
145
145
```
146
-
146
+
147
+
## Configuration (BasicOptions)
148
+
#### Realm
149
+
Required to be set if SuppressWWWAuthenticateHeader is not set to true. It is used with WWW-Authenticate response header when challenging un-authenticated requests.
150
+
151
+
#### SuppressWWWAuthenticateHeader
152
+
Default value is false.
153
+
When set to true, it will NOT return WWW-Authenticate response header when challenging un-authenticated requests.
154
+
When set to false, it will return WWW-Authenticate response header when challenging un-authenticated requests.
155
+
156
+
#### Events
157
+
The object provided by the application to process events raised by the basic authentication middleware.
158
+
The application may implement the interface fully, or it may create an instance of BasicEvents and assign delegates only to the events it wants to process.
159
+
-##### OnValidateCredentials
160
+
A delegate assigned to this property will be invoked just before validating credentials.
161
+
You must provide a delegate for this property for authentication to occur.
162
+
In your delegate you should either call context.ValidationSucceeded() which will handle construction of authentication principal from the user details which will be assiged the context.Principal property and call context.Success(), or construct an authentication principal from the user details & attach it to the context.Principal property and finally call context.Success() method.
163
+
If only context.Principal property set without calling context.Success() method then, Success() method is automaticalled called.
164
+
165
+
-##### OnAuthenticationSucceeded
166
+
A delegate assigned to this property will be invoked when the authentication succeeds. It will not be called if OnValidateCredentials delegate is assigned.
167
+
It can be used for adding claims, headers, etc to the response.
168
+
169
+
-##### OnAuthenticationFailed
170
+
A delegate assigned to this property will be invoked when the authentication fails.
171
+
172
+
-##### OnHandleChallenge
173
+
A delegate assigned to this property will be invoked before a challenge is sent back to the caller when handling unauthorized response.
174
+
Only use this if you know what you are doing and if you want to use custom implementation. Set the delegate to deal with 401 challenge concerns, if an authentication scheme in question deals an authentication interaction as part of it's request flow. (like adding a response header, or changing the 401 result to 302 of a login page or external sign-in location.)
175
+
Call context.Handled() at the end so that any default logic for this challenge will be skipped.
176
+
177
+
-##### OnHandleForbidden
178
+
A delegate assigned to this property will be invoked if Authorization fails and results in a Forbidden response.
179
+
Only use this if you know what you are doing and if you want to use custom implementation.
180
+
Set the delegate to handle Forbid.
181
+
Call context.Handled() at the end so that any default logic will be skipped.
182
+
183
+
147
184
## Additional Notes
148
185
Please note that, by default, with ASP.NET Core, all the requests are not challenged for authentication. So don't worry if your *BasicUserValidationService* is not hit when you don't pass the required basic authentication details with the request. It is a normal behaviour. ASP.NET Core challenges authentication only when it is specifically told to do so either by decorating controller/method with *[Authorize]* filter attribute or by some other means.
0 commit comments