Encoding and Decoding Basic Authentication Credentials in Web Server Programming in .NET

If you find yourself in a situation where you need to encode or decode basic authentication credentials in web server programming, it’s pretty easy to do this using .NET classes and C#. Basic authentication provides no obfuscation for credentials—this is why you should run it over an SSL channel to provide encryption—but it does use Base64 string encoding to ensure the characters in the credentials are handled properly in the URL query string.

Encoding Credentials for Basic Authentication

Encoding credentials is easy. The basic authentication specification states that you need to combine the username and password using a colon and then perform encoding. The following C# snippet shows a quick and handy way to encode basic auth credentials.

[sourcecode language=”csharp”]

// Combine the username and password using a colon character.
var unEncodedString = String.Format("{0}:{1}", username, password);

// Encode the string using Base64 by getting the bytes and passing to a helper method.
var encodedString = Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes(unEncodedString));


Decoding Basic Authentication Credentials

You must perform a little more work to decode basic authentication credentials because you need to split the username and password after decoding the Base64 string. The C# snippet below shows a short and sweet method to perform decoding of basic auth credentials. Many times you can grab the credentials from the “Authorization” HTTP header.

[sourcecode language=”csharp”]

// Grab the Authorization header value from the Request.
string authorizationHeader = Request.Headers["Authorization"];

// Determine the beginning index of the Base64-encoded string in the Authorization header by finding the first space.
// Add 1 to the index so we can properly grab the substring.
var beginPasswordIndexPosition = authorizationHeader.IndexOf(‘ ‘) + 1;
var encodedAuth = authorizationHeader.Substring(beginPasswordIndexPosition);

// Decode the authentication credentials.
var decodedAuth = Encoding.UTF8.GetString(Convert.FromBase64String(encodedAuth));

// Split the credentials into the username and password portions on the colon character.
var splits = decodedAuth.Split(‘:’);
var username = splits[0];
var password = splits[1];


1 Comment

  1. Rajesh Singh


    I was reading your article and I would like to appreciate you for making it very simple and understandable. This article gives me a basic idea of Encoding and Decoding in ASP.Net and it will help me a lot. I had found another nice post with wonderful explanation on Encoding and Decoding in ASP.Net, for more details check out this link….

    Thank you very much!

Sign in
Forgot password?
Sign up

(*) Required fields

I agree with OptimaSales Terms & Privacy Policy