ASP.NET Basic Auth Config Internally?

181 views Asked by At

Using VS 2013 to build an ASP.NET MVC 5 site. Without fiddling with any IIS GUI settings, I would like to set the deployed site or webapp to use Basic Challenge Auth, and use the SSL certificate "foo". Ideally something fully code-driven in C# would be ideal, but if its all web.config I'd go for that as well.

All ideas appreciated.

Thanks.

1

There are 1 answers

0
Badrinarayanan Lakshmiraghavan On

There used to be an out-of-box OWIN middleware in Katana project for basic authentication but I can't seem to find where it is currently. Even if it is not part of Katana, you can write a middleware like this. Or, you can write an HTTP module to implement the same functionality as well like this. Basic authentication is a simple mechanism. You just need to parse the HTTP authorization header in basic scheme to get the user id and password. One problem however is that it is susceptible to CSRF, when used with browser based clients. For configuring the certificate with IIS, you have to fiddle with IIS only.