Skip to content
A filled with self-loathing implementation of Basic Authentication, and Certificate Authentication to make me feel like a real security person, all for for ASP.NET Core
Branch: master
Clone or download
blowdart Fixed the automatic principal create in certificate auth so it does t…
…he right thing. Added tests for the principal creation and documentation.
Latest commit 0cee3a0 Apr 19, 2019


Build status

This repository contains a collection of various authentication mechanisms for ASP.NET Core, including

Basic Authentication started as a demonstration of how to write authentication middleware and was not as something you would seriously consider using, but some people want Basic Authentication and Certificate Authentication is a common request on the ASP.NET Core Security repo, so I am releasing my own versions of them.

All work is now targeted at ASP.NET Core 2.0.

This is not an official Microsoft project, this is an "In my spare time, entirely unsupported"™ effort.

nuget packages

nuget packages are available for the ASP.NET Core 2.0 versions of the authentication handlers.

Authentication Type Package Name nuget link Current Version
Basic               idunno.Authentication.Basic       2.1.1          
Certificate         idunno.Authentication.Certificate 2.1.1          

Version History

Version Notes
2.1.1 Added SourceLink
Changed library dependencies to remove demands for exact versions, following the .NET Core open-source library guidance
nuget package is now signed
2.1.0 Added Certificate Authentication
Fixed Basic Authentication event handling
Packages are now Authenticode signed

What about older versions of ASP.NET Core?

Older versions of Basic Authentication are available in the appropriate branch. No nuget packages are available for ASP.NET Core 1.x.

Certificate Authentication is only available for ASP.NET Core 2.0. It will not be back ported to 1.x.

ASP.NET Core MVC Version Branch
1.1 rel/1.1.1
1.0 rel/1.0.0


Each handler requires you to authenticate the credentials passed. You are responsible for hardening this authentication and ensuring it performs under load.

You can’t perform that action at this time.