Traefik v2 BasicAuth Middleware: having trouble enabling auth for any container other than the Dashboard


I'm not really an expert and I'm working on Traefik with Docker for the first time: ideally, I would like to expose a service (i.e. a Docker container with a ready-to-use app, in this example Koodo Reader) while being protected from *massively easy public access* (\*) using a BasicAuth Middleware, much like it's done with the Traefik Dashboard Example.

This is the docker-compose.yml I'm using for Traefik:

```yaml
services:
  traefik:
    image: "traefik:v2.5"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.webbooks.address=:8018"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=dynu"
      - "--certificatesresolvers.myresolver.acme.email=xxxxxx"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # Global HTTP -> HTTPS
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # Enable dashboard
      - "--api.dashboard=true"
      # Patch Unifi
      - "--serversTransport.insecureSkipVerify=true"
    ports:
      - "80:80"
      - "443:443"
      - "853:853"
      - "53:53"
      - "53:53/udp"

    environment:
      - "DYNU_API_KEY=xxxxxx"
      - "DYNU_HTTP_TIMEOUT=300"
      - "DYNU_POLLING_INTERVAL=200"
      - "DYNU_PROPAGATION_TIMEOUT=250"
      - "DYNU_TTL=120"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  whoami:
    image: "traefik/whoami"
    container_name: "traefik-whoami"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`xxxxxx.dynu.net`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
      - "traefik.http.routers.whoami.service=api@internal"
      - "traefik.http.routers.whoami.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=user:xxxhashpassxxx"
```

This configuration works, and I receive an auth prompt when accessing the Traefik Dashboard.

The other container is an instance of Koodo, controlled through Portainer Business. These are the labels attached to the Koodo container, which I'm able to access via HTTPS at my own xxxxxx.dynu.net address; but still, no authorization is required.

I'm quite sure this has to do with a macroscopic error on my side, but I couldn't figure it out. And all tutorials/guides/docs I could read always point to the same "easy" solution: defining a basicauth.users middleware and then assigning/calling it.

```
traefik.http.middlewares.Koodo-redirect-websecure.redirectscheme.scheme = https
traefik.http.routers.Koodo-web.entrypoints = web
traefik.http.routers.Koodo-web.middlewares = Koodo-redirect-websecure
traefik.http.routers.Koodo-web.rule = Host(`xxxxxx.dynu.net`)
traefik.http.routers.Koodo-websecure.entrypoints = websecure
traefik.http.routers.Koodo-websecure.rule = Host(`xxxxxx.dynu.net`)
traefik.http.routers.Koodo-websecure.tls = true
traefik.http.routers.Koodo-websecure.tls.certresolver = myresolver
traefik.http.middlewares.kauth.basicauth.users = neoread:xxxxxxx
traefik.http.routers.Koodo.middlewares= kauth
traefik.http.services.Koodo-websecure.loadbalancer.server.port = 80
```

Thank you in advance for your time reading this and any insight you may want to share.
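
An added example, not part of the original question: in Traefik v2 labels the segment after `routers.` is the router's name and middlewares are attached per router, so this small audit groups the Koodo labels posted above by router and reports routers that have a rule but no auth middleware, and auth middlewares attached to a router name that has no rule. The function names and finding codes are illustrative assumptions.

```python
import re
from collections import defaultdict

# Labels as posted in the question (Portainer "key = value" form, values elided as on the page).
KOODO_LABELS = """\
traefik.http.middlewares.Koodo-redirect-websecure.redirectscheme.scheme = https
traefik.http.routers.Koodo-web.entrypoints = web
traefik.http.routers.Koodo-web.middlewares = Koodo-redirect-websecure
traefik.http.routers.Koodo-web.rule = Host(`xxxxxx.dynu.net`)
traefik.http.routers.Koodo-websecure.entrypoints = websecure
traefik.http.routers.Koodo-websecure.rule = Host(`xxxxxx.dynu.net`)
traefik.http.routers.Koodo-websecure.tls = true
traefik.http.routers.Koodo-websecure.tls.certresolver = myresolver
traefik.http.middlewares.kauth.basicauth.users = neoread:xxxxxxx
traefik.http.routers.Koodo.middlewares= kauth
traefik.http.services.Koodo-websecure.loadbalancer.server.port = 80
"""

LABEL = re.compile(r"^traefik\.http\.(routers|middlewares)\.([^.]+)\.(\S+?)\s*=\s*(.*)$")
AUTH_KINDS = {"basicauth", "digestauth", "forwardauth"}  # Traefik v2 auth middlewares

def parse_labels(text):
    """Group label lines into {router: {option: value}} and {middleware: {kind}}."""
    routers, middlewares = defaultdict(dict), defaultdict(set)
    for line in text.splitlines():
        m = LABEL.match(line.strip())
        if not m:
            continue  # services and unrelated labels are ignored
        section, name, option, value = m.groups()
        if section == "routers":
            routers[name][option.lower()] = value.strip()
        else:
            middlewares[name].add(option.split(".")[0].lower())
    return routers, middlewares

def audit(text):
    """Return (router, finding) pairs for routers whose auth wiring looks wrong."""
    routers, middlewares = parse_labels(text)
    findings = []
    for name, opts in sorted(routers.items()):
        chain = [m.strip().split("@")[0] for m in opts.get("middlewares", "").split(",") if m.strip()]
        kinds = set().union(*(middlewares.get(m, set()) for m in chain))
        if "redirectscheme" in kinds:
            continue  # simplification: a redirect-only router never reaches the backend
        if "rule" in opts and not kinds & AUTH_KINDS:
            findings.append((name, "rule-without-auth"))
        elif "rule" not in opts and kinds & AUTH_KINDS:
            findings.append((name, "auth-on-router-without-rule"))
    return findings
```

Calling `audit(KOODO_LABELS)` lists the router named `Koodo` and the router named `Koodo-websecure` as two separate entries, while the dashboard labels from the compose file produce no findings.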
