Added new middleware to protect paths by authorization (also static files)

AMWD.Common.AspNetCore/Security/BasicAuthentication/BasicAuthenticationMiddleware.cs

@@ -0,0 +1,80 @@
+using System;
+using System.Linq;
+using System.Net.Http.Headers;
+using System.Text;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+
+namespace AMWD.Common.AspNetCore.Security.BasicAuthentication
+{
+	/// <summary>
+	/// Implements a basic authentication.
+	/// </summary>
+	public class BasicAuthenticationMiddleware
+	{
+		private readonly RequestDelegate next;
+		private readonly IBasicAuthenticationValidator validator;
+
+		/// <summary>
+		/// Initializes a new instance of the <see cref="BasicAuthenticationMiddleware"/> class.
+		/// </summary>
+		/// <param name="next">The following delegate in the process chain.</param>
+		/// <param name="validator">A basic authentication validator.</param>
+		public BasicAuthenticationMiddleware(RequestDelegate next, IBasicAuthenticationValidator validator)
+		{
+			this.next = next;
+			this.validator = validator;
+		}
+
+		/// <summary>
+		/// The delegate invokation.
+		/// Performs the authentication check.
+		/// </summary>
+		/// <param name="httpContext">The corresponding HTTP context.</param>
+		/// <returns>An awaitable task.</returns>
+		public async Task InvokeAsync(HttpContext httpContext)
+		{
+			if (!httpContext.Request.Headers.ContainsKey("Authorization"))
+			{
+				SetAuthenticateRequest(httpContext, validator.Realm);
+				return;
+			}
+
+			try
+			{
+				var authHeader = AuthenticationHeaderValue.Parse(httpContext.Request.Headers["Authorization"]);
+				byte[] decoded = Convert.FromBase64String(authHeader.Parameter);
+				string plain = Encoding.UTF8.GetString(decoded);
+
+				// See: https://www.rfc-editor.org/rfc/rfc2617, page 6
+				string username = plain.Split(':').First();
+				string password = plain[(username.Length + 1)..];
+
+				var principal = await validator.ValidateAsync(username, password, httpContext.GetRemoteIpAddress(), httpContext.RequestAborted);
+				if (principal == null)
+				{
+					SetAuthenticateRequest(httpContext, validator.Realm);
+					return;
+				}
+
+				await next.Invoke(httpContext);
+			}
+			catch (Exception ex)
+			{
+				var logger = (ILogger<BasicAuthenticationMiddleware>)httpContext.RequestServices.GetService(typeof(ILogger<BasicAuthenticationMiddleware>));
+				logger?.LogError(ex, $"Falied to execute basic authentication middleware: {ex.InnerException?.Message ?? ex.Message}");
+				httpContext.Response.StatusCode = StatusCodes.Status500InternalServerError;
+			}
+		}
+
+		private static void SetAuthenticateRequest(HttpContext httpContext, string realm)
+		{
+			httpContext.Response.Headers["WWW-Authenticate"] = "Basic";
+			if (!string.IsNullOrWhiteSpace(realm))
+				httpContext.Response.Headers["WWW-Authenticate"] = $"Basic realm=\"{realm.Replace("\"", "")}\"";
+
+			httpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
+		}
+	}
+}