5 Application security in Aspire

 

This chapter covers

  • The fundamentals of application security
  • An overview of single sign-on
  • Implementing OpenID Connect Authentication in .NET Aspire
  • Using OAuth Authorization in .NET Aspire
  • Securing the Aspire dashboard

If you publish a web application and make it publicly accessible, you will want to make sure that only authorized users can access it, unless, of course, your application is just a trivial website.

Applications orchestrated by .NET Aspire are no exception. Because .NET Aspire is a platform for building complex distributed applications, chances are that you aren’t using it to build trivial websites. Therefore, knowing how to secure your orchestrated application is a must.

Of course, if you use an external authentication provider, like Google or Okta, you won’t have to do anything special in your Aspire setup. There will be a fixed endpoint outside of your system that you will need to connect to, and you will just need to apply the appropriate configuration in the appropriate place.

However, not all application types can use an external provider. There are many situations where you need to manage all the security internally. For example, in certain industries, such as banking or defense, there may be a compliance requirement for you to do so.

5.1 A brief introduction to Single Sign-on

5.2 Solution setup

5.3 Using service discovery in Single Sign-on

5.4 Enforcing UI authentication

5.5 Enforcing API authentication

5.6 Passing a JWT to API

5.7 Configuring identity provider

5.8 Securing Aspire dashboard

5.9 Summary