Skip to content

Releases: softawaregmbh/library-authentication

Basic prevent timing-attacks

12 Nov 07:06
@meinsiedler meinsiedler
5.0.2-basic
10ef04e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Basic prevent timing-attacks

What's Changed

  • Use CryptographicOperations.FixedTimeEquals for password and hash comparison to prevent timing-attacks by @meinsiedler in #28

Contributors

meinsiedler
Loading

HMAC prevent timing-attacks

12 Nov 07:05
@meinsiedler meinsiedler
5.0.1-hmac
10ef04e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
HMAC prevent timing-attacks

What's Changed

  • Use CryptographicOperations.FixedTimeEquals for password and hash comparison to prevent timing-attacks by @meinsiedler in #28

Contributors

meinsiedler
Loading

SAS Token Authentication

07 May 08:43
@meinsiedler meinsiedler
6.0.0
4f536bb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
SAS Token Authentication Latest
Latest

This release adds support for SAS (Shared Access Signature) token authentication.

See the README for more details.

Assets 2
Loading

.NET8.0

16 Apr 07:39
@doerrD doerrD
5.0.0
8d416c2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
.NET8.0

What's Changed

  • Upgrade to .net8.0
  • Upgrade all dependencies (also one security vulnerability)

Breaking Changes

  • Drop netstandard2.0 support
Loading

Support multiple hashing algorithms, drop .NET 4.6.1 support

27 Mar 16:22
@meinsiedler meinsiedler
4.0.0
87cd8e0
This commit was signed with the committer’s verified signature.
meinsiedler Michael Einsiedler
SSH Key Fingerprint: ed42F6x/6ueCAZTnHOraDukC1cQKHwGqN5YYbSMhlr4
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Support multiple hashing algorithms, drop .NET 4.6.1 support

New Features

  • Hash algorithm in header by @meinsiedler in #17
    • The default request body hashing method is now SHA-256.

Breaking Changes

  • Drop support for .NET 4.6.1 by @meinsiedler in #16
  • ApiKeyDelegatingHandler constructor with inner delegating handler: Order of parameters changed. The inner HttpMessageHandler is now the first constructor parameter.

Upgrade guide

With #17 it is now possible to specify the hashing algorithm to be used. If you have used this library in an older version before, we recommend the following upgrade path:

  1. Update the server's NuGet package softaware.Authentication.Hmac.AspNetCore to latest version. This version is backwards compatible with an older version of the client.
  2. Update the client's NuGet package softaware.Authentication.Hmac.Client to latest version after the server has been deployed with the latest version. This version now uses SHA-256 request body hashing by default.

With this approach, no breaking changes occur at the deployed environment as the backwards compatibility is ensured.

Full Changelog: 3.4.0-hmac...4.0.0

Contributors

meinsiedler
Loading

HMAC 3.4.0: SHA-256 support for request body hashing

23 Mar 14:55
@meinsiedler meinsiedler
3.4.0-hmac
f77aefb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
HMAC 3.4.0: SHA-256 support for request body hashing

This release prepares for upgrading the request body hashing from MD5 to SHA-256.

This is an intermediate release for upgrading the library without breaking changes. The new options will be removed again in the next major release and only SHA-256 will be supported in future.

New Features

softaware.Authentication.Hmac.AspNetCore

  • New Option AllowMD5AndSHA256RequestBodyHash in HmacAuthenticationSchemeOptions: If true, the request body hash will be validated with MD5 hash and SHA265 hash. Note that this setting is only relevant when the http request has a body. (Default: true)

softaware.Authentication.Hmac.Client

  • The ApiKeyDelegatingHandler now supports passing a new enum RequestBodyHashingMethod to the constructor to set the hash algorithm to be used for the request body hashing. Possible options are MD5 and SHA256

Upgrade guide

  • Upgrade the softaware.Authentication.Hmac.AspNetCore to support both MD5 and SHA-256.
  • Deploy the server part.
    • The client still sends request with MD5 hash which will be accepted by server.
  • Update the softaware.Authentication.Hmac.Client and set the RequestBodyHashingMethod to SHA256.
    • The server will accept SHA-256 hashes too.

The next major releases will support SHA-256 only.

What's Changed

Full Changelog: 3.3.0-hmac...3.4.0-hmac

Contributors

meinsiedler
Loading

3.3.0 HMAC

28 Mar 09:10
@meinsiedler meinsiedler
3.3.0-hmac
8ff6fdc

Choose a tag to compare

View all tags
3.3.0 HMAC

What's Changed

New Contributors

Full Changelog: 3.1.0...3.3.0-hmac

Contributors

rschacherl and funcmike
Loading

3.2.0 HMAC

02 Nov 12:17
@meinsiedler meinsiedler
3.2.0-hmac
fbacdc4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
3.2.0 HMAC

Add IHmacAuthorizationProvider interface to allow custom implementations for getting HMAC apps. (#6)

Loading

3.1.0

18 Dec 17:14
@meinsiedler meinsiedler
3.1.0
1f5b039

Choose a tag to compare

View all tags
3.1.0

New Features

  • This release adds support for netstandard2.0 for the projects softaware.Authentication.Basic.AspNetCore and softaware.Authentication.Basic.AspNetCore and removes the depdendency to netcoreapp3.1.
  • On successful authentication, the ClaimsIdentity now contains a claim of type NameIdentitifier. For basic authentication, this is the username, for HMAC authentication, this is the AppId.
Loading

3.0.0

09 Dec 10:26
@meinsiedler meinsiedler
3.0.0
37245df

Choose a tag to compare

View all tags
3.0.0

This release adds support for .NET Core 3.1 and drops the support for .NET 4.6.2 for the ASP.NET Core packages softaware.Authentication.Hmac.AspNetCore and softaware.Authentication.Basic.AspNetCore.

If you want to support .NET Core 2.2 or .NET 4.6.2 use the previous version of this package.

Loading