Does not support injected BasicAuthenticationEvents

[marcrocny]

As an alternative to setting OnSignIn directly, it should be possible to inherit BasicAuthenticationEvents and override SignInAsync(), register the new events-type in ConfigureSerivces and set it on AuthenticationSchemeOptions.EventsType. The security infrastructure will inject it to AuthenticationHandler.Events when the sheme's AuthenticationHandler is resolved by dependency injection (see here).

However, BasicAuthenticationHandler short-circuits this functionality by calling Options.Events.SignInAsync(context). It should be just Events.SignInAsync(context)

[djanosik]

Thank you! Can you send a PR?

[marcrocny]

I'd need a day, unless: is there a way to submit a PR directly without forking?

[marcrocny]

To be honest, I'm hesitant because of the lack of tests on the project. This seems like an innocuous change, but with the level of "magic" in aspnet/Security I'd be worried about breaking something else without some regression testing.

I could probably at least create another "sample" project that exercises the feature. If you're okay with reviewing the change against that and the existing example, then that's okay with me.

[primalfear]

There is a very "Ugly" hack to get this working.

public static class AuthenticationServices
    {
        public static IServiceCollection AddAuthenticationServices(this IServiceCollection services)
        {
            if (services == null)
                return null;

            services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();           
            services.AddTransient<IPrincipalProvider, HttpContextPrincipalProvider>();
            services.AddTransient<Authenticator>();


            var provider = services.BuildServiceProvider();
            services.AddAuthentication("Basic")
                .AddBasic(o =>
                {
                    o.Realm = "Sphinx";
                    o.Events = provider.CreateScope().ServiceProvider.GetRequiredService<Authenticator>();
                });

            return services;
        }
    }

public class Authenticator : BasicAuthenticationEvents
    {
        public IRepository Repository { get; }
        public IMemoryCache MemoryCache { get; }

        public Authenticator(IRepository repository) {
            this.Repository = repository ?? throw new ArgumentNullException(nameof(repository));
        }

        public override async Task SignInAsync(BasicSignInContext context) {


            //Check Cache
            var cacheKey = Extensions.CacheExtensions.GenerateCacheKey(context.UserName, context.Password);
            var data = await this.CreateClaimsFor(context);
            if(data == null)
                return;

            var identity = new ClaimsIdentity(data, context.Scheme.Name);
            context.Principal = new ClaimsPrincipal(identity);
        }

        private async Task<Claim[]> CreateClaimsFor(BasicSignInContext context) {
            
            if (!context.UserName.Equals("apikey", StringComparison.InvariantCultureIgnoreCase))
                return null;

            var intergration = await this.Repository.GetByApiKeyAsync(context.Password);
            
            if (intergration == null || intergration.Status != Constants.Integration.Status.Active)
                return null;

            if (intergration.ApiKey != context.Password)
                return null;

            var claims = new[] {
                new Claim("sub", intergration.Uuid.ToString("N")),
                new Claim("name", intergration.Name),
                new Claim("status", intergration.Status),
                new Claim("organisation", intergration.Organisation.Uuid.ToString("N"))
            };

            return claims;
        }
        
    }