dj-nitehawk/AuthenticationHandler.cs

## AuthenticationHandler.cs
public class BasicAuth(IOptionsMonitor<AuthenticationSchemeOptions> options,
                       ILoggerFactory logger,
                       UrlEncoder encoder)
    : AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder)
{
    internal const string SchemeName = "Basic";

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (IsPublicEndpoint() || !Request.Headers.ContainsKey("Authorization"))
            return Task.FromResult(AuthenticateResult.NoResult());

        var authHeader = Request.Headers.Authorization[0];

        if (authHeader?.StartsWith(SchemeName) is true)
        {
            var token = authHeader[SchemeName.Length..].Trim();
            var credentials = Encoding.UTF8.GetString(Convert.FromBase64String(token)).Split(':');

            if (credentials[0] == "admin" && credentials[1] == "password")
            {
                var claims = new[]
                {
                    new Claim("name", credentials[0]),
                    new Claim(ClaimTypes.Role, "Admin")
                };
                var identity = new ClaimsIdentity(claims, SchemeName);
                var principal = new ClaimsPrincipal(identity);
                var ticket = new AuthenticationTicket(principal, SchemeName);

                return Task.FromResult(AuthenticateResult.Success(ticket));
            }

            Response.StatusCode = 401;
            Response.Headers.Append("WWW-Authenticate", "Basic realm=\"website.com\"");

            return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
        }

        Response.StatusCode = 401;
        Response.Headers.Append("WWW-Authenticate", "Basic realm=\"website.com\"");

        return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
    }

    bool IsPublicEndpoint()
        => Context.GetEndpoint()?.Metadata.OfType<AllowAnonymousAttribute>().Any() is null or true;
}

## Program.cs
var bld = WebApplication.CreateBuilder();
bld.Services
   .AddFastEndpoints()
   .AddAuthorization()
   .AddAuthentication(BasicAuth.SchemeName)
   .AddScheme<AuthenticationSchemeOptions, BasicAuth>(BasicAuth.SchemeName, null);
bld.Services
   .SwaggerDocument(
       o =>
       {
           o.EnableJWTBearerAuth = false;
           o.DocumentSettings = s =>
                                {
                                    s.AddAuth(
                                        BasicAuth.SchemeName,
                                        new()
                                        {
                                            Name = "Authorization",
                                            In = OpenApiSecurityApiKeyLocation.Header,
                                            Type = OpenApiSecuritySchemeType.Basic
                                        });
                                };
       });

var app = bld.Build();
app.UseAuthentication()
   .UseAuthorization()
   .UseFastEndpoints()
   .UseSwaggerGen();
app.Run();

## ProtectedEndpoint.cs
[HttpGet("protected")]
sealed class MyEndpoint : EndpointWithoutRequest
{
    public override async Task HandleAsync(CancellationToken c)
    {
        await Send.OkAsync("you are allowed!");
    }
}
	public class BasicAuth(IOptionsMonitor<AuthenticationSchemeOptions> options,
	ILoggerFactory logger,
	UrlEncoder encoder)
	: AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder)
	{
	internal const string SchemeName = "Basic";

	protected override Task<AuthenticateResult> HandleAuthenticateAsync()
	{
	if (IsPublicEndpoint() \|\| !Request.Headers.ContainsKey("Authorization"))
	return Task.FromResult(AuthenticateResult.NoResult());

	var authHeader = Request.Headers.Authorization[0];

	if (authHeader?.StartsWith(SchemeName) is true)
	{
	var token = authHeader[SchemeName.Length..].Trim();
	var credentials = Encoding.UTF8.GetString(Convert.FromBase64String(token)).Split(':');

	if (credentials[0] == "admin" && credentials[1] == "password")
	{
	var claims = new[]
	{
	new Claim("name", credentials[0]),
	new Claim(ClaimTypes.Role, "Admin")
	};
	var identity = new ClaimsIdentity(claims, SchemeName);
	var principal = new ClaimsPrincipal(identity);
	var ticket = new AuthenticationTicket(principal, SchemeName);

	return Task.FromResult(AuthenticateResult.Success(ticket));
	}

	Response.StatusCode = 401;
	Response.Headers.Append("WWW-Authenticate", "Basic realm=\"website.com\"");

	return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
	}

	Response.StatusCode = 401;
	Response.Headers.Append("WWW-Authenticate", "Basic realm=\"website.com\"");

	return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
	}

	bool IsPublicEndpoint()
	=> Context.GetEndpoint()?.Metadata.OfType<AllowAnonymousAttribute>().Any() is null or true;
	}
	var bld = WebApplication.CreateBuilder();
	bld.Services
	.AddFastEndpoints()
	.AddAuthorization()
	.AddAuthentication(BasicAuth.SchemeName)
	.AddScheme<AuthenticationSchemeOptions, BasicAuth>(BasicAuth.SchemeName, null);
	bld.Services
	.SwaggerDocument(
	o =>
	{
	o.EnableJWTBearerAuth = false;
	o.DocumentSettings = s =>
	{
	s.AddAuth(
	BasicAuth.SchemeName,
	new()
	{
	Name = "Authorization",
	In = OpenApiSecurityApiKeyLocation.Header,
	Type = OpenApiSecuritySchemeType.Basic
	});
	};
	});

	var app = bld.Build();
	app.UseAuthentication()
	.UseAuthorization()
	.UseFastEndpoints()
	.UseSwaggerGen();
	app.Run();
	[HttpGet("protected")]
	sealed class MyEndpoint : EndpointWithoutRequest
	{
	public override async Task HandleAsync(CancellationToken c)
	{
	await Send.OkAsync("you are allowed!");
	}
	}