.Net 5.0 target framework added

Author: mihirdilip

src/AspNetCore.Authentication.Basic/AspNetCore.Authentication.Basic.csproj

@@ -1,12 +1,13 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp3.1;netcoreapp3.0;netstandard2.0;net461</TargetFrameworks>
-    <Version>3.1.1</Version>
+    <TargetFrameworks>net5.0;netcoreapp3.1;netcoreapp3.0;netstandard2.0;net461</TargetFrameworks>
+    <Version>5.0.0</Version>
     <RepositoryUrl>https://github.com/mihirdilip/aspnetcore-authentication-basic/tree/$(Version)</RepositoryUrl>
     <PackageProjectUrl>https://github.com/mihirdilip/aspnetcore-authentication-basic/tree/$(Version)</PackageProjectUrl>
-    <PackageTags>aspnetcore, security, authentication, microsoft, microsoft.aspnetcore.authentication, microsoft-aspnetcore-authentication, microsoft.aspnetcore.authentication.basic, microsoft-aspnetcore-authentication-basic, asp-net-core, netstandard, netstandard20, basic-authentication, basicauthentication, dotnetcore, dotnetcore3.1, asp-net-core-basic-authentication, aspnetcore-basic-authentication, asp-net-core-authentication, aspnetcore-authentication, asp, aspnet, basic, authentication-scheme</PackageTags>
-    <PackageReleaseNotes>- Fixed issue with resolving of IBasicUserValidationService implementation when using multiple schemes
+    <PackageTags>aspnetcore, security, authentication, microsoft, microsoft.aspnetcore.authentication, microsoft-aspnetcore-authentication, microsoft.aspnetcore.authentication.basic, microsoft-aspnetcore-authentication-basic, asp-net-core, netstandard, netstandard20, basic-authentication, basicauthentication, dotnetcore, dotnetcore3.1, net5, net5.0, asp-net-core-basic-authentication, aspnetcore-basic-authentication, net5-basic-authentication, asp-net-core-authentication, aspnetcore-authentication, net5-authentication, asp, aspnet, basic, authentication-scheme</PackageTags>
+    <PackageReleaseNotes>- Net 5.0 target framework added
+- IgnoreAuthenticationIfAllowAnonymous added to the ApiKeyOptions from netcoreapp3.0 onwards
     </PackageReleaseNotes>
     <Description>Easy to use and very light weight Microsoft style Basic Scheme Authentication implementation for ASP.NET Core.</Description>
     <Authors>Mihir Dilip</Authors>
@@ -19,6 +20,7 @@
     <NeutralLanguage />
     <PackageRequireLicenseAcceptance>true</PackageRequireLicenseAcceptance>
     <PackageLicenseFile>LICENSE.txt</PackageLicenseFile>
+    <EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
   </PropertyGroup>
 
   <PropertyGroup>
@@ -50,7 +52,7 @@
     <PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.2.0" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp3.0' Or '$(TargetFramework)' == 'netcoreapp3.1'">
+  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp3.0' Or '$(TargetFramework)' == 'netcoreapp3.1' Or '$(TargetFramework)' == 'net5.0'">
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
   </ItemGroup>
 

src/AspNetCore.Authentication.Basic/BasicHandler.cs

@@ -2,6 +2,7 @@
 // Licensed under the MIT License. See License.txt in the project root for license information.
 
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
@@ -26,7 +27,7 @@ internal class BasicHandler : AuthenticationHandler<BasicOptions>
 		/// <param name="logger"></param>
 		/// <param name="encoder"></param>
 		/// <param name="clock"></param>
-		public BasicHandler(IOptionsMonitor<BasicOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) 
+		public BasicHandler(IOptionsMonitor<BasicOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
 			: base(options, logger, encoder, clock)
 		{
 		}
@@ -36,7 +37,7 @@ public BasicHandler(IOptionsMonitor<BasicOptions> options, ILoggerFactory logger
 		/// <summary>
 		/// Get or set <see cref="BasicEvents"/>.
 		/// </summary>
-        protected new BasicEvents Events { get => (BasicEvents)base.Events; set => base.Events = value; }
+		protected new BasicEvents Events { get => (BasicEvents)base.Events; set => base.Events = value; }
 
 		/// <summary>
 		/// Create an instance of <see cref="BasicEvents"/>.
@@ -50,6 +51,12 @@ public BasicHandler(IOptionsMonitor<BasicOptions> options, ILoggerFactory logger
 		/// <returns><see cref="AuthenticateResult"/></returns>
 		protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
 		{
+			if (IgnoreAuthenticationIfAllowAnonymous())
+			{
+				Logger.LogInformation("AllowAnonymous found on the endpoint so request was not authenticated.");
+				return AuthenticateResult.NoResult();
+			}
+
 			if (!Request.Headers.ContainsKey(HeaderNames.Authorization))
 			{
 				Logger.LogInformation("No 'Authorization' header found in the request.");
@@ -61,57 +68,57 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
 				Logger.LogInformation("No valid 'Authorization' header found in the request.");
 				return AuthenticateResult.NoResult();
 			}
-			
+
 			if (!headerValue.Scheme.Equals(BasicDefaults.AuthenticationScheme, StringComparison.OrdinalIgnoreCase))
 			{
 				Logger.LogInformation($"'Authorization' header found but the scheme is not a '{BasicDefaults.AuthenticationScheme}' scheme.");
 				return AuthenticateResult.NoResult();
 			}
 
 			BasicCredentials credentials;
-            try
-            {
+			try
+			{
 				credentials = DecodeBasicCredentials(headerValue.Parameter);
 			}
-            catch (Exception exception)
-            {
+			catch (Exception exception)
+			{
 				Logger.LogError(exception, "Error decoding credentials from header value.");
 				return AuthenticateResult.Fail("Error decoding credentials from header value." + Environment.NewLine + exception.Message);
 
 			}
-            
+
 			try
 			{
 				var validateCredentialsResult = await RaiseAndHandleEventValidateCredentialsAsync(credentials).ConfigureAwait(false);
 				if (validateCredentialsResult != null)
-                {
+				{
 					// If result is set then return it.
 					return validateCredentialsResult;
-                }
+				}
 
 				// Validate using the implementation of IBasicUserValidationService.
 				var hasValidationSucceeded = await ValidateUsingBasicUserValidationServiceAsync(credentials.Username, credentials.Password).ConfigureAwait(false);
 				return hasValidationSucceeded
 					? await RaiseAndHandleAuthenticationSucceededAsync(credentials).ConfigureAwait(false)
 					: AuthenticateResult.Fail("Invalid username or password.");
 			}
-            catch (Exception exception)
-            {
+			catch (Exception exception)
+			{
 				var authenticationFailedContext = new BasicAuthenticationFailedContext(Context, Scheme, Options, exception);
 				await Events.AuthenticationFailedAsync(authenticationFailedContext).ConfigureAwait(false);
-				
+
 				if (authenticationFailedContext.Result != null)
 				{
 					return authenticationFailedContext.Result;
 				}
-				
+
 				throw;
 			}
 		}
 
 		/// <inheritdoc/>
-        protected override async Task HandleForbiddenAsync(AuthenticationProperties properties)
-        {
+		protected override async Task HandleForbiddenAsync(AuthenticationProperties properties)
+		{
 			// Raise handle forbidden event.
 			var handleForbiddenContext = new BasicHandleForbiddenContext(Context, Scheme, Options, properties);
 			await Events.HandleForbiddenAsync(handleForbiddenContext).ConfigureAwait(false);
@@ -121,7 +128,7 @@ protected override async Task HandleForbiddenAsync(AuthenticationProperties prop
 			}
 
 			await base.HandleForbiddenAsync(properties);
-        }
+		}
 
 		/// <summary>
 		/// Handles the un-authenticated requests. 
@@ -150,7 +157,7 @@ protected override async Task HandleChallengeAsync(AuthenticationProperties prop
 		}
 
 		private async Task<AuthenticateResult> RaiseAndHandleEventValidateCredentialsAsync(BasicCredentials credentials)
-        {
+		{
 			var validateCredentialsContext = new BasicValidateCredentialsContext(Context, Scheme, Options, credentials.Username, credentials.Password);
 			await Events.ValidateCredentialsAsync(validateCredentialsContext).ConfigureAwait(false);
 
@@ -170,7 +177,7 @@ private async Task<AuthenticateResult> RaiseAndHandleEventValidateCredentialsAsy
 		}
 
 		private async Task<AuthenticateResult> RaiseAndHandleAuthenticationSucceededAsync(BasicCredentials credentials)
-        {
+		{
 			// ..create claims principal.
 			var principal = BasicUtils.BuildClaimsPrincipal(credentials.Username, Scheme.Name, ClaimsIssuer);
 
@@ -194,8 +201,18 @@ private async Task<AuthenticateResult> RaiseAndHandleAuthenticationSucceededAsyn
 			return AuthenticateResult.Fail("No authenticated prinicipal set.");
 		}
 
+		private bool IgnoreAuthenticationIfAllowAnonymous()
+		{
+#if (NET461 || NETSTANDARD2_0)
+			return false;
+#else
+			return Options.IgnoreAuthenticationIfAllowAnonymous
+				&& Context.GetEndpoint()?.Metadata?.GetMetadata<Microsoft.AspNetCore.Authorization.IAllowAnonymous>() != null;
+#endif
+		}
+
 		private async Task<bool> ValidateUsingBasicUserValidationServiceAsync(string username, string password)
-        {
+		{
 			IBasicUserValidationService basicUserValidationService = null;
 			if (Options.BasicUserValidationServiceType != null)
 			{
@@ -221,7 +238,7 @@ private async Task<bool> ValidateUsingBasicUserValidationServiceAsync(string use
 		}
 
 		private BasicCredentials DecodeBasicCredentials(string credentials)
-        {
+		{
 			string username;
 			string password;
 			try
@@ -245,25 +262,25 @@ private BasicCredentials DecodeBasicCredentials(string credentials)
 			{
 				throw new Exception("Username cannot be empty.");
 			}
-			
+
 			if (password == null)
 			{
 				password = string.Empty;
 			}
-			
+
 			return new BasicCredentials(username, password);
 		}
 
 		private struct BasicCredentials
-        {
-            public BasicCredentials(string username, string password)
-            {
-                Username = username;
-                Password = password;
-            }
-
-            public string Username { get; }
-            public string Password { get; }
-        }
+		{
+			public BasicCredentials(string username, string password)
+			{
+				Username = username;
+				Password = password;
+			}
+
+			public string Username { get; }
+			public string Password { get; }
+		}
 	}
 }

src/AspNetCore.Authentication.Basic/BasicOptions.cs

@@ -10,7 +10,7 @@ namespace AspNetCore.Authentication.Basic
     /// Options used to configure basic authentication.
     /// </summary>
     public class BasicOptions : AuthenticationSchemeOptions
-	{
+    {
         /// <summary>
         /// Constructor.
         /// </summary>
@@ -46,6 +46,14 @@ public BasicOptions()
             set => base.Events = value;
         }
 
+#if !(NET461 || NETSTANDARD2_0)
+        /// <summary>
+        /// Default value is false.
+        /// If set to true, it checks if AllowAnonymous filter on controller action or metadata on the endpoint which, if found, it does not try to authenticate the request.
+        /// </summary>
+        public bool IgnoreAuthenticationIfAllowAnonymous { get; set; }
+#endif
+
         internal Type BasicUserValidationServiceType { get; set; } = null;
     }
 }

src/AspNetCore.Authentication.Basic/Events/BasicAuthenticationSucceededContext.cs

@@ -40,8 +40,7 @@ public BasicAuthenticationSucceededContext(HttpContext context, AuthenticationSc
         /// <exception cref="ArgumentNullException"></exception>
         public void ReplacePrincipal(ClaimsPrincipal principal)
         {
-            if (principal == null) throw new ArgumentNullException(nameof(principal));
-            base.Principal = principal;
+            base.Principal = principal ?? throw new ArgumentNullException(nameof(principal));
         }
 
         /// <summary>