mihirdilip
diff --git a/‎README.md
Lines changed: 25 additions & 10 deletions b/‎README.md
Lines changed: 25 additions & 10 deletions
diff --git a/‎samples/SampleWebApi_2_0/Controllers/ValuesController.cs
Lines changed: 14 additions & 21 deletions b/‎samples/SampleWebApi_2_0/Controllers/ValuesController.cs
Lines changed: 14 additions & 21 deletions
diff --git a/‎samples/SampleWebApi_2_0/SampleWebApi_2_0.csproj
Lines changed: 5 additions & 1 deletion b/‎samples/SampleWebApi_2_0/SampleWebApi_2_0.csproj
Lines changed: 5 additions & 1 deletion
diff --git a/‎samples/SampleWebApi_2_0/Startup.cs
Lines changed: 124 additions & 9 deletions b/‎samples/SampleWebApi_2_0/Startup.cs
Lines changed: 124 additions & 9 deletions
diff --git a/‎samples/SampleWebApi_2_2/Controllers/ValuesController.cs
Lines changed: 14 additions & 24 deletions b/‎samples/SampleWebApi_2_2/Controllers/ValuesController.cs
Lines changed: 14 additions & 24 deletions
diff --git a/‎samples/SampleWebApi_2_2/SampleWebApi_2_2.csproj
Lines changed: 6 additions & 2 deletions b/‎samples/SampleWebApi_2_2/SampleWebApi_2_2.csproj
Lines changed: 6 additions & 2 deletions
@@ -18,6 +18,8 @@ PM> Install-Package AspNetCore.Authentication.Basic
 
 ## Example Usage
 
+Samples are available under [samples directory](samples).
+
 Setting it up is quite simple. You will need basic working knowledge of ASP.NET Core 2.2 or newer to get started using this code.
 
 On [**Startup.cs**](#startupcs), as shown below, add 2 lines in *ConfigureServices* method `services.AddAuthentication(BasicDefaults.AuthenticationScheme).AddBasic<BasicUserValidationService>(options => { options.Realm = "My App"; });`. And a line `app.UseAuthentication();` in *Configure* method.
@@ -35,10 +37,17 @@ public class Startup
 	public void ConfigureServices(IServiceCollection services)
 	{
 		// Add the Basic scheme authentication here..
-		// AddBasic extension takes an implementation of IBasicUserValidationService for validating the username and password. 
-		// It also requires Realm to be set in the options.
-		services.AddAuthentication(BasicDefaults.AuthenticationScheme)
-			.AddBasic<BasicUserValidationService>(options => { options.Realm = "My App"; });
+        // It requires Realm to be set in the options if SuppressWWWAuthenticateHeader is not set.
+        // If an implementation of IBasicUserValidationService interface is registered in the dependency register as well as OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of an implementation of IBasicUserValidationService.
+        services.AddAuthentication(BasicDefaults.AuthenticationScheme)
+
+            // The below AddBasic without type parameter will require OnValidateCredentials delegete on options.Events to be set unless an implementation of IBasicUserValidationService interface is registered in the dependency register.
+            // Please note if both the delgate and validation server are set then the delegate will be used instead of BasicUserValidationService.
+            //.AddBasic(options => { options.Realm = "My App"; });
+
+            // The below AddBasic with type parameter will add the BasicUserValidationService to the dependency register. 
+            // Please note if OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of BasicUserValidationService.
+            .AddBasic<BasicUserValidationService>(options => { options.Realm = "My App"; });
 
 		services.AddControllers();
 
@@ -77,10 +86,17 @@ public class Startup
 	public void ConfigureServices(IServiceCollection services)
 	{
 		// Add the Basic scheme authentication here..
-		// AddBasic extension takes an implementation of IBasicUserValidationService for validating the username and password. 
-		// It also requires Realm to be set in the options.
-		services.AddAuthentication(BasicDefaults.AuthenticationScheme)
-			.AddBasic<BasicUserValidationService>(options => { options.Realm = "My App"; });
+        // It requires Realm to be set in the options if SuppressWWWAuthenticateHeader is not set.
+        // If an implementation of IBasicUserValidationService interface is registered in the dependency register as well as OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of an implementation of IBasicUserValidationService.
+        services.AddAuthentication(BasicDefaults.AuthenticationScheme)
+
+            // The below AddBasic without type parameter will require OnValidateCredentials delegete on options.Events to be set unless an implementation of IBasicUserValidationService interface is registered in the dependency register.
+            // Please note if both the delgate and validation server are set then the delegate will be used instead of BasicUserValidationService.
+            //.AddBasic(options => { options.Realm = "My App"; });
+
+            // The below AddBasic with type parameter will add the BasicUserValidationService to the dependency register. 
+            // Please note if OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of BasicUserValidationService.
+            .AddBasic<BasicUserValidationService>(options => { options.Realm = "My App"; });
 
 		services.AddMvc();
 
@@ -163,7 +179,6 @@ app.UseEndpoints(endpoints =>
 - [RFC 7617: Technical spec for HTTP Basic](https://tools.ietf.org/html/rfc7617)
 - [ASP.NET Core Security documentation](https://docs.microsoft.com/en-us/aspnet/core/security)
 - [aspnet/Security](https://github.com/dotnet/aspnetcore/tree/master/src/Security)
-- [Creating an authentication scheme in ASP.NET Core 2.0](https://joonasw.net/view/creating-auth-scheme-in-aspnet-core-2)
 
 ## License
-[MIT License](https://github.com/mihirdilip/aspnetcore-authentication-basic/blob/master/LICENSE.txt)
+[MIT License](https://github.com/mihirdilip/aspnetcore-authentication-basic/blob/master/LICENSE.txt)
@@ -1,5 +1,6 @@
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
+using System.Text;
 
 namespace SampleWebApi_2_2.Controllers
 {
@@ -13,29 +14,21 @@ public IEnumerable<string> Get()
 			return new string[] { "value1", "value2" };
 		}
 
-		// GET api/values/5
-		[HttpGet("{id}")]
-		public string Get(int id)
-		{
-			return "value";
-		}
-
-		// POST api/values
-		[HttpPost]
-		public void Post([FromBody] string value)
-		{
-		}
-
-		// PUT api/values/5
-		[HttpPut("{id}")]
-		public void Put(int id, [FromBody] string value)
-		{
-		}
+		[HttpGet("claims")]
+		public string Claims()
+        {
+			var sb = new StringBuilder();
+            foreach (var claim in User.Claims)
+            {
+				sb.AppendLine($"{claim.Type}: {claim.Value}");
+            }
+			return sb.ToString();
+        }
 
-		// DELETE api/values/5
-		[HttpDelete("{id}")]
-		public void Delete(int id)
+		[HttpGet("forbid")]
+		public new IActionResult Forbid()
 		{
+			return base.Forbid();
 		}
 	}
 }
@@ -12,7 +12,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="AspNetCore.Authentication.Basic" Version="3.1.0-preview.1" />
+    <PackageReference Include="AspNetCore.Authentication.Basic" Version="3.1.0" />
     <PackageReference Include="Microsoft.AspNetCore.All" Version="2.0.9" />
   </ItemGroup>
 
@@ -21,5 +21,9 @@
   </ItemGroup>
 
   <Import Project="..\SampleWebApi.Shared\SampleWebApi.Shared.projitems" Label="Shared" />
+  
+  <!--<ItemGroup>
+    <ProjectReference Include="..\..\src\AspNetCore.Authentication.Basic\AspNetCore.Authentication.Basic.csproj" />
+  </ItemGroup>-->
 
 </Project>
@@ -1,17 +1,21 @@
-using Microsoft.AspNetCore.Authorization;
+using AspNetCore.Authentication.Basic;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.AspNetCore.Rewrite;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using AspNetCore.Authentication.Basic;
 using SampleWebApi.Repositories;
 using SampleWebApi.Services;
+using System.Collections.Generic;
+using System.Security.Claims;
+using System.Threading.Tasks;
 
 namespace SampleWebApi
 {
-	public class Startup
+    public class Startup
 	{
 		public Startup(IConfiguration configuration)
 		{
@@ -26,13 +30,124 @@ public void ConfigureServices(IServiceCollection services)
 			// Add User repository to the dependency container.
 			services.AddTransient<IUserRepository, InMemoryUserRepository>();
 
-			// Add the Basic scheme authentication here..
-			// AddBasic extension takes an implementation of IBasicUserValidationService for validating the username and password. 
-			// It also requires Realm to be set in the options.
-			services.AddAuthentication(BasicDefaults.AuthenticationScheme)
-				.AddBasic<BasicUserValidationService>(options => { options.Realm = "Sample Web API"; });
+            // Add the Basic scheme authentication here..
+            // It requires Realm to be set in the options if SuppressWWWAuthenticateHeader is not set.
+            // If an implementation of IBasicUserValidationService interface is registered in the dependency register as well as OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of an implementation of IBasicUserValidationService.
+            services.AddAuthentication(BasicDefaults.AuthenticationScheme)
 
-			services.AddMvc(options =>
+                // The below AddBasic without type parameter will require OnValidateCredentials delegete on options.Events to be set unless an implementation of IBasicUserValidationService interface is registered in the dependency register.
+                // Please note if both the delgate and validation server are set then the delegate will be used instead of BasicUserValidationService.
+                //.AddBasic(options =>
+
+                // The below AddBasic with type parameter will add the BasicUserValidationService to the dependency register. 
+                // Please note if OnValidateCredentials delegete on options.Events is also set then this delegate will be used instead of BasicUserValidationService.
+                .AddBasic<BasicUserValidationService>(options =>
+                {
+                    options.Realm = "Sample Web API";
+
+                    //// Optional option to suppress the browser login dialog for ajax calls.
+                    //options.SuppressWWWAuthenticateHeader = true;
+
+                    //// Optional events to override the basic original logic with custom logic.
+                    //// Only use this if you know what you are doing at your own risk. Any of the events can be assigned. 
+                    options.Events = new BasicEvents
+                    {
+
+                        //// A delegate assigned to this property will be invoked just before validating credentials. 
+                        //OnValidateCredentials = async (context) =>
+                        //{
+                        //    // custom code to handle credentials, create principal and call Success method on context.
+                        //    var userRepository = context.HttpContext.RequestServices.GetRequiredService<IUserRepository>();
+                        //    var user = await userRepository.GetUserByUsername(context.Username);
+                        //    var isValid = user != null && user.Password == context.Password;
+                        //    if (isValid)
+                        //    {
+                        //        context.Response.Headers.Add("ValidationCustomHeader", "From OnValidateCredentials");
+                        //        var claims = new[]
+                        //        {
+                        //            new Claim(ClaimTypes.NameIdentifier, context.Username, ClaimValueTypes.String, context.Options.ClaimsIssuer),
+                        //            new Claim(ClaimTypes.Name, context.Username, ClaimValueTypes.String, context.Options.ClaimsIssuer),
+                        //            new Claim("CustomClaimType", "Custom Claim Value - from OnValidateCredentials")
+                        //        };
+                        //        context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
+                        //        context.Success();
+                        //    }
+                        //    else
+                        //    {
+                        //        context.NoResult();
+                        //    }
+                        //},
+
+                        //// A delegate assigned to this property will be invoked just before validating credentials. 
+                        //// NOTE: Same as above delegate but slightly different implementation which will give same result.
+                        //OnValidateCredentials = async (context) =>
+                        //{
+                        //    // custom code to handle credentials, create principal and call Success method on context.
+                        //    var userRepository = context.HttpContext.RequestServices.GetRequiredService<IUserRepository>();
+                        //    var user = await userRepository.GetUserByUsername(context.Username);
+                        //    var isValid = user != null && user.Password == context.Password;
+                        //    if (isValid)
+                        //    {
+                        //        context.Response.Headers.Add("ValidationCustomHeader", "From OnValidateCredentials");
+                        //        var claims = new[]
+                        //        {
+                        //            new Claim("CustomClaimType", "Custom Claim Value - from OnValidateCredentials")
+                        //        };
+                        //        context.ValidationSucceeded(claims);    // claims are optional
+                        //    }
+                        //    else
+                        //    {
+                        //        context.ValidationFailed();
+                        //    }
+                        //},
+
+                        //// A delegate assigned to this property will be invoked before a challenge is sent back to the caller when handling unauthorized response.
+                        //OnHandleChallenge = async (context) =>
+                        //{
+                        //    // custom code to handle authentication challenge unauthorized response.
+                        //    context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+                        //    context.Response.Headers.Add("ChallengeCustomHeader", "From OnHandleChallenge");
+                        //    await context.Response.WriteAsync("{\"CustomBody\":\"From OnHandleChallenge\"}");
+                        //    context.Handled();  // important! do not forget to call this method at the end.
+                        //},
+
+                        //// A delegate assigned to this property will be invoked if Authorization fails and results in a Forbidden response.
+                        //OnHandleForbidden = async (context) =>
+                        //{
+                        //    // custom code to handle forbidden response.
+                        //    context.Response.StatusCode = StatusCodes.Status403Forbidden;
+                        //    context.Response.Headers.Add("ForbidCustomHeader", "From OnHandleForbidden");
+                        //    await context.Response.WriteAsync("{\"CustomBody\":\"From OnHandleForbidden\"}");
+                        //    context.Handled();  // important! do not forget to call this method at the end.
+                        //},
+
+                        //// A delegate assigned to this property will be invoked when the authentication succeeds. It will not be called if OnValidateCredentials delegate is assigned.
+                        //// It can be used for adding claims, headers, etc to the response.
+                        //OnAuthenticationSucceeded = (context) =>
+                        //{
+                        //    //custom code to add extra bits to the success response.
+                        //    context.Response.Headers.Add("SuccessCustomHeader", "From OnAuthenticationSucceeded");
+                        //    var customClaims = new List<Claim>
+                        //    {
+                        //        new Claim("CustomClaimType", "Custom Claim Value - from OnAuthenticationSucceeded")
+                        //    };
+                        //    context.AddClaims(customClaims);
+                        //    //or can add like this - context.Principal.AddIdentity(new ClaimsIdentity(customClaims));
+                        //    return Task.CompletedTask;
+                        //},
+
+                        //// A delegate assigned to this property will be invoked when the authentication fails.
+                        //OnAuthenticationFailed = (context) =>
+                        //{
+                        //    // custom code to handle failed authentication.
+                        //    context.Fail("Failed to authenticate");
+                        //    return Task.CompletedTask;
+                        //}
+
+                    };
+                });
+
+            services.AddMvc(options =>
 				{
 					// ALWAYS USE HTTPS (SSL) protocol in production when using Basic authentication.
 					//options.Filters.Add<RequireHttpsAttribute>();
 
@@ -1,12 +1,10 @@
-using System;
+using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Mvc;
+using System.Text;
 
 namespace SampleWebApi_2_2.Controllers
 {
-	[Route("api/[controller]")]
+    [Route("api/[controller]")]
 	[ApiController]
 	public class ValuesController : ControllerBase
 	{
@@ -17,29 +15,21 @@ public ActionResult<IEnumerable<string>> Get()
 			return new string[] { "value1", "value2" };
 		}
 
-		// GET api/values/5
-		[HttpGet("{id}")]
-		public ActionResult<string> Get(int id)
+		[HttpGet("claims")]
+		public ActionResult<string> Claims()
 		{
-			return "value";
+			var sb = new StringBuilder();
+			foreach (var claim in User.Claims)
+			{
+				sb.AppendLine($"{claim.Type}: {claim.Value}");
+			}
+			return sb.ToString();
 		}
 
-		// POST api/values
-		[HttpPost]
-		public void Post([FromBody] string value)
-		{
-		}
-
-		// PUT api/values/5
-		[HttpPut("{id}")]
-		public void Put(int id, [FromBody] string value)
-		{
-		}
-
-		// DELETE api/values/5
-		[HttpDelete("{id}")]
-		public void Delete(int id)
+		[HttpGet("forbid")]
+		public new IActionResult Forbid()
 		{
+			return base.Forbid();
 		}
 	}
 }
@@ -6,11 +6,15 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="AspNetCore.Authentication.Basic" Version="3.1.0-preview.1" />
+    <PackageReference Include="AspNetCore.Authentication.Basic" Version="3.1.0" />
     <PackageReference Include="Microsoft.AspNetCore.App" />
     <PackageReference Include="Microsoft.AspNetCore.Razor.Design" Version="2.2.0" PrivateAssets="All" />
   </ItemGroup>
-
+  
   <Import Project="..\SampleWebApi.Shared\SampleWebApi.Shared.projitems" Label="Shared" />
 
+  <!--<ItemGroup>
+    <ProjectReference Include="..\..\src\AspNetCore.Authentication.Basic\AspNetCore.Authentication.Basic.csproj" />
+  </ItemGroup>-->
+
 </Project>