Added get methods to API.

Middleware/Authen.cs

@@ -1,4 +1,5 @@
-using CarCareTracker.Models;
+using CarCareTracker.Helper;
+using CarCareTracker.Models;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Components.Web;
 using Microsoft.AspNetCore.DataProtection;
@@ -14,17 +15,20 @@ namespace CarCareTracker.Middleware
     {
         private IHttpContextAccessor _httpContext;
         private IDataProtector _dataProtector;
+        private ILoginHelper _loginHelper;
         private bool enableAuth;
         public Authen(
             IOptionsMonitor<AuthenticationSchemeOptions> options,
             UrlEncoder encoder,
             ILoggerFactory logger,
             IConfiguration configuration,
+            ILoginHelper loginHelper,
             IDataProtectionProvider securityProvider,
             IHttpContextAccessor httpContext) : base(options, logger, encoder)
         {
             _httpContext = httpContext;
             _dataProtector = securityProvider.CreateProtector("login");
+            _loginHelper = loginHelper;
             enableAuth = bool.Parse(configuration["EnableAuth"]);
         }
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
@@ -45,11 +49,38 @@ namespace CarCareTracker.Middleware
             {
                 //auth is enabled by user, we will have to authenticate the user via a ticket retrieved from the auth cookie.
                 var access_token = _httpContext.HttpContext.Request.Cookies["ACCESS_TOKEN"];
-                if (string.IsNullOrWhiteSpace(access_token))
+                //auth using Basic Auth for API.
+                var request_header = _httpContext.HttpContext.Request.Headers["Authorization"];
+                if (string.IsNullOrWhiteSpace(access_token) && string.IsNullOrWhiteSpace(request_header))
                 {
                     return AuthenticateResult.Fail("Cookie is invalid or does not exist.");
                 }
-                else
+                else if (!string.IsNullOrWhiteSpace(request_header))
+                {
+                    var cleanedHeader = request_header.ToString().Replace("Basic ", "").Trim();
+                    byte[] data = Convert.FromBase64String(cleanedHeader);
+                    string decodedString = System.Text.Encoding.UTF8.GetString(data);
+                    var splitString = decodedString.Split(":");
+                    if (splitString.Count() != 2)
+                    {
+                        return AuthenticateResult.Fail("Invalid credentials");
+                    } else
+                    {
+                        var validUser = _loginHelper.ValidateUserCredentials(new LoginModel { UserName = splitString[0], Password = splitString[1] });
+                        if (validUser)
+                        {
+                            var appIdentity = new ClaimsIdentity("Custom");
+                            var userIdentity = new List<Claim>
+                            {
+                                new(ClaimTypes.Name, splitString[0])
+                            };
+                            appIdentity.AddClaims(userIdentity);
+                            AuthenticationTicket ticket = new AuthenticationTicket(new ClaimsPrincipal(appIdentity), this.Scheme.Name);
+                            return AuthenticateResult.Success(ticket);
+                        }
+                    }
+                }
+                else if (!string.IsNullOrWhiteSpace(access_token))
                 {
                     //decrypt the access token.
                     var decryptedCookie = _dataProtector.Unprotect(access_token);
@@ -84,6 +115,14 @@ namespace CarCareTracker.Middleware
         }
         protected override Task HandleChallengeAsync(AuthenticationProperties properties)
         {
+            if (Request.RouteValues.TryGetValue("controller", out object value))
+            {
+                if (value.ToString().ToLower() == "api")
+                {
+                    Response.StatusCode = 401;
+                    return Task.CompletedTask;
+                }
+            }
             Response.Redirect("/Login/Index");
             return Task.CompletedTask;
         }