Basic Authentication for Standalone HTTP Handler

[ethanshea-ms]

From #92 I see it is possible to use Basic Auth for the ASP.NET HTTP Handler. Is this also possible for the standalone HTTP Handler?

Example:

var metricServer = new MetricServer(port: 1234);
// How do I apply basic authentication here?
metricServer.Start();

[sandersaares]

This is not currently supported, though could likely be added.

The first design that comes to mind is a request filtering callback such as:

metricServer.RequestFilter = request => IsAuthorized(request.Headers.Authorization);

Would this satisfy your use case? What is the authorization logic you would like to apply? That is, where do the credentials come from and how would they be validated?

I would also be interested to hear more about your usage of MetricServer. It is the oldest mechanism for publishing metrics in the library and over the years is moving ever more into the "legacy" category, so it would be good to better understand the needs of people who still want to use it, to keep it getting the attention it needs. What makes you prefer this mechanism over the others available?

[ethanshea-ms]

Yes, that sort of a design would work. The design you proposed is reminiscent of SslOptions.RemoteCertificateValidationCallback.

My use case involves shipping code to be run in Azure IoT Edge. Direct method calls are used for interacting with IoT Edge modules, so there is no need for ASP.NET/Kestrel. We are trying to avoid taking a dependency on it if possible.