What is Basic Authentication ?
Basic authentication is a mechanism where an end user gets authenticated with the help of plain credentials such as username and password. In this type of authentication, end user makes a request with user name and password embedded in request header and the service returns the response accordingly if the user is authenticated or not, by checking the username and password.
Implementing Basic Authentication in Web API 2
To implement Basic Authentication we have to create a class and derive that class from AuthorizationFilterAttribute (under System.Web.Http.Filters). We need to override onAuthorization method to add a custom logic. We need to check the header of the ActionContext to authorize the user as because for Basic Authentication client send the credentials using a header.
public override void OnAuthorization(HttpActionContext actionContext)
var auth = actionContext.Request.Headers.Authorization;
// If Authorization is null that means client has not sent the authorization header
if(auth == null && auth.Parameter == null)
// Send UnAuthorized Error
//In Basic Authentication client send the credentials in base64 of username:password.
// Thus we have to decode the base64 to get the headervalue (i.e. username:password)
var headerValue = Encoding.Default.GetString(Convert.FromBase64String(auth.Paramter));
// Splitting the string on colon (:) to get username and password
var userCredentials = headerValue.Split(':');
var username = userCredentials;
var password = userCredentials;
// Check if username password matches, then authorized otherwise unauthorized
Disadvantages of using Basic Authentication
Though implementing basic authentication id dead simple but it also has disadvantages like it send the user credentials in plain text. So the credentials are very prone to hack. One more disadvantage is that we have to send the Authentication header on each request thus its more work involved.
Please Like and Share CodingDefined.com blog, if you find it interesting and helpful.