Basic authentication, as its name suggests, is a very basic authentication mechanism, and it is not very secure when it comes to stopping attackers. Here, I have listed the security vulnerabilities in its authentication process:
- Credentials: The required credentials are the most important security concern. They could lead to security breaches, which could in turn be used to further exploit the system's weak security.
- Request: Requests can be tampered with, which could lead to a big security breach. With basic authentication, every request carries the credentials (username and password), which can be tampered with and used to further exploit the system.
- Closing the browser session: This concern should be high priority: there is no way to log out of an application that uses the basic authentication method unless the user closes the browser to destroy the browser session themselves.
You can look at the official web page at https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/basic-authentication for more information.
There may be further security concerns that make basic authentication the weakest mechanism with respect to web application security.
Basic authentication leads to various security concerns. I am not going to showcase these using code examples of basic authentication, but if you still want to test the basic authentication mechanism, then I suggest that you extract the code from the forked GitHub repository at https://github.com/garora/Bazinga.AspNetCore.Authentication.Basic.
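As an added illustration (not code from the author or from the repository above), the following C# program shows why credentials carried on every request are a concern: the `Authorization` header is only Base64-encoded, so anyone who can read a request recovers the username and password without a key. The class name `BasicHeaderAudit`, its methods, and the sample credentials are hypothetical and constructed for this example.

```csharp
using System;
using System.Text;

// Hypothetical helper for illustration; not part of ASP.NET Core or the linked repository.
public static class BasicHeaderAudit
{
    // Parses an Authorization header of the form "Basic <base64(user:password)>".
    public static bool TryParse(string header, out string user, out string password)
    {
        user = password = string.Empty;
        const string prefix = "Basic ";
        if (header is null || !header.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            return false;
        byte[] raw;
        try { raw = Convert.FromBase64String(header.Substring(prefix.Length).Trim()); }
        catch (FormatException) { return false; }
        string decoded = Encoding.UTF8.GetString(raw);
        int sep = decoded.IndexOf(':'); // split on the first colon; the password may contain ':'
        if (sep < 0) return false;
        user = decoded.Substring(0, sep);
        password = decoded.Substring(sep + 1);
        return true;
    }

    // Reports how exposed the credentials on a single request are, given its URL scheme.
    public static string Assess(string scheme, string header)
    {
        if (!TryParse(header, out string user, out _))
            return "no Basic credentials present";
        return string.Equals(scheme, "https", StringComparison.OrdinalIgnoreCase)
            ? $"'{user}': encrypted in transit, but resent on every request"
            : $"'{user}': username and password readable on the wire";
    }

    public static void Main()
    {
        // Constructed sample credentials, not taken from any real system.
        string header = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes("alice:s3cret:pw"));
        TryParse(header, out string user, out string password);
        Console.WriteLine($"decoded without any key: user={user}, password length={password.Length}");
        // Constructed requests: the same header over HTTP and HTTPS, then a non-Basic header.
        Console.WriteLine(Assess("http", header));
        Console.WriteLine(Assess("https", header));
        Console.WriteLine(Assess("https", "Bearer abc"));
    }
}
```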