5.1.0 changes (#22)

- WWW-Authenticate challenge header now returns SchemeName as scheme part instead of ApiKeyOptions.KeyName
- WWW-Authenticate challenge header now has 2 new parameters 'in' and 'key_name' in value part  
- ForLegacyUseKeyNameAsSchemeNameOnWWWAuthenticateHeader added to the ApiKeyOptions
- In Authorization Header now able to use either SchemeName or ApiKeyOptions.KeyName when matching AuthorizationHeader Scheme
- Visibility of all the handlers changed to public
- Tests added
- Readme updated
- Copyright year updated on License

Author: mihirdilip

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2020 Mihir Dilip
+Copyright (c) 2021 Mihir Dilip
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -16,11 +16,11 @@ public ApiKeyProvider(ILogger<IApiKeyProvider> logger, IApiKeyRepository apiKeyR
 			_apiKeyRepository = apiKeyRepository;
 		}
 
-		public Task<IApiKey> ProvideAsync(string key)
+		public async Task<IApiKey> ProvideAsync(string key)
 		{
 			try
 			{
-				return _apiKeyRepository.GetApiKeyAsync(key);
+				return await _apiKeyRepository.GetApiKeyAsync(key);
 			}
 			catch (System.Exception exception)
 			{

samples/SampleWebApi.Shared/Services/ApiKeyProvider.cs

@@ -12,7 +12,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="5.0.0" />
+    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="5.1.0" />
     <PackageReference Include="Microsoft.AspNetCore.All" Version="2.0.9" />
   </ItemGroup>
 

samples/SampleWebApi_2_0/SampleWebApi_2_0.csproj

@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="5.0.0" />
+    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="5.1.0" />
     <PackageReference Include="Microsoft.AspNetCore.App" />
     <PackageReference Include="Microsoft.AspNetCore.Razor.Design" Version="2.2.0" PrivateAssets="All" />
   </ItemGroup>

samples/SampleWebApi_2_2/SampleWebApi_2_2.csproj

@@ -7,7 +7,7 @@
   <Import Project="..\SampleWebApi.Shared\SampleWebApi.Shared.projitems" Label="Shared" />
 
   <ItemGroup>
-    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="5.0.0" />
+    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="5.1.0" />
   </ItemGroup>
 
   <!--<ItemGroup>

samples/SampleWebApi_3_1/SampleWebApi_3_1.csproj

@@ -7,7 +7,7 @@
   <Import Project="..\SampleWebApi.Shared\SampleWebApi.Shared.projitems" Label="Shared" />
 
   <ItemGroup>
-    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="5.0.0" />
+    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="5.1.0" />
   </ItemGroup>
 
   <!--<ItemGroup>

samples/SampleWebApi_5_0/SampleWebApi_5_0.csproj

@@ -24,7 +24,11 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SampleWebApi_2_2", "..\samp
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SampleWebApi_3_1", "..\samples\SampleWebApi_3_1\SampleWebApi_3_1.csproj", "{CABEEEAE-3974-4CC4-97F1-18C8D2188DAF}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SampleWebApi_5_0", "..\samples\SampleWebApi_5_0\SampleWebApi_5_0.csproj", "{1E1E202B-EFB2-40FD-8271-659F36084916}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SampleWebApi_5_0", "..\samples\SampleWebApi_5_0\SampleWebApi_5_0.csproj", "{1E1E202B-EFB2-40FD-8271-659F36084916}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNetCore.Authentication.ApiKey.Tests", "..\test\AspNetCore.Authentication.ApiKey.Tests\AspNetCore.Authentication.ApiKey.Tests.csproj", "{EA2A367F-2D2D-4C20-8C32-C19F67E73187}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{A15FB7AB-5B7A-4428-BEBA-32DEE3C88C39}"
 EndProject
 Global
 	GlobalSection(SharedMSBuildProjectFiles) = preSolution
@@ -59,6 +63,10 @@ Global
 		{1E1E202B-EFB2-40FD-8271-659F36084916}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{1E1E202B-EFB2-40FD-8271-659F36084916}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{1E1E202B-EFB2-40FD-8271-659F36084916}.Release|Any CPU.Build.0 = Release|Any CPU
+		{EA2A367F-2D2D-4C20-8C32-C19F67E73187}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{EA2A367F-2D2D-4C20-8C32-C19F67E73187}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{EA2A367F-2D2D-4C20-8C32-C19F67E73187}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{EA2A367F-2D2D-4C20-8C32-C19F67E73187}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -69,6 +77,7 @@ Global
 		{FD2DF3AB-05C1-4145-827A-482C539B2491} = {3C777BBB-7464-43FB-A046-EA465791AB0C}
 		{CABEEEAE-3974-4CC4-97F1-18C8D2188DAF} = {3C777BBB-7464-43FB-A046-EA465791AB0C}
 		{1E1E202B-EFB2-40FD-8271-659F36084916} = {3C777BBB-7464-43FB-A046-EA465791AB0C}
+		{EA2A367F-2D2D-4C20-8C32-C19F67E73187} = {A15FB7AB-5B7A-4428-BEBA-32DEE3C88C39}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {70815049-1680-480A-BF5A-00536D6C9C20}

src/AspNetCore.Authentication.ApiKey.sln

@@ -16,14 +16,14 @@ namespace AspNetCore.Authentication.ApiKey
 	/// <summary>
 	/// Inherited from <see cref="AuthenticationHandler{TOptions}"/> for api key authentication.
 	/// </summary>
-	internal abstract class ApiKeyHandlerBase : AuthenticationHandler<ApiKeyOptions>
+	public abstract class ApiKeyHandlerBase : AuthenticationHandler<ApiKeyOptions>
 	{
 		protected ApiKeyHandlerBase(IOptionsMonitor<ApiKeyOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
 			: base(options, logger, encoder, clock)
 		{
 		}
 
-		private string Challenge => $"{Options.KeyName} realm=\"{Options.Realm}\", charset=\"UTF-8\"";
+		private string Challenge => $"{GetWwwAuthenticateSchemeName()} realm=\"{Options.Realm}\", charset=\"UTF-8\", in=\"{GetWwwAuthenticateInParameter()}\", key_name=\"{Options.KeyName}\"";
 
 		/// <summary>
 		/// Get or set <see cref="ApiKeyEvents"/>.
@@ -209,6 +209,29 @@ private async Task<IApiKey> ValidateUsingApiKeyProviderAsync(string apiKey)
 			}
 		}
 
+		private string GetWwwAuthenticateSchemeName()
+        {
+			return Options.ForLegacyUseKeyNameAsSchemeNameOnWWWAuthenticateHeader
+				? Options.KeyName
+				: Scheme.Name;
+        }
+
+		private string GetWwwAuthenticateInParameter()
+        {
+			var handlerType = this.GetType();
+
+			if (handlerType == typeof(ApiKeyInAuthorizationHeaderHandler))
+				return "authorization_header";
+			if (handlerType == typeof(ApiKeyInHeaderHandler))
+				return "header";
+			if (handlerType == typeof(ApiKeyInQueryParamsHandler))
+				return "query_params";
+			if (handlerType == typeof(ApiKeyInHeaderOrQueryParamsHandler))
+				return "header_or_query_params";
+
+			throw new NotImplementedException($"No parameter name defined for {handlerType.FullName}.");
+		}
+
 		private bool IgnoreAuthenticationIfAllowAnonymous()
 		{
 #if (NET461 || NETSTANDARD2_0)

src/AspNetCore.Authentication.ApiKey/ApiKeyHandlerBase.cs

@@ -12,7 +12,7 @@
 
 namespace AspNetCore.Authentication.ApiKey
 {
-	internal class ApiKeyInAuthorizationHeaderHandler : ApiKeyHandlerBase
+    public class ApiKeyInAuthorizationHeaderHandler : ApiKeyHandlerBase
 	{
 		public ApiKeyInAuthorizationHeaderHandler(IOptionsMonitor<ApiKeyOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
 			: base(options, logger, encoder, clock)
@@ -23,7 +23,9 @@ protected override Task<string> ParseApiKeyAsync()
 		{
 			if (Request.Headers.ContainsKey(HeaderNames.Authorization)
 					&& AuthenticationHeaderValue.TryParse(Request.Headers[HeaderNames.Authorization], out var headerValue)
-					&& headerValue.Scheme.Equals(Options.KeyName, StringComparison.OrdinalIgnoreCase)
+					&& (headerValue.Scheme.Equals(Scheme.Name, StringComparison.OrdinalIgnoreCase) 
+						|| headerValue.Scheme.Equals(Options.KeyName, StringComparison.OrdinalIgnoreCase)
+					)
 			)
 			{
 				return Task.FromResult(headerValue.Parameter);