chapter eight

8 Application security in .NET Aspire

 

This chapter covers

  • The fundamentals of application security
  • Overview of Single Sign-On
  • Implementing OpenID Connect Authentication in .NET Aspire
  • Using OAuth Authorization in .NET Aspire
  • Securing the Aspire dashboard

We briefly covered application security in Chapter 2 by adding a Keycloak container to a .NET Aspire instance. In this chapter, we will delve deeper into application security concepts. We will do so by doing something interesting: building our own identity provider and hosting it in .NET Aspire.

If you publish a web application and make it publicly accessible, you will want to make sure only authorized users can access it, unless, of course, your application is just a trivial website.

Applications orchestrated by .NET Aspire are no exception. Because .NET Aspire is a platform for building complex distributed applications, chances are that you aren’t using it to build trivial websites. Therefore, knowing how to secure your orchestrated application is a must.

Of course, if you use an external authentication provider, like Google or Okta, you won’t have to do anything special in your Aspire setup. There will be a fixed endpoint outside of your system that you will need to connect to, and you will just need to apply the appropriate configuration in the appropriate place.

8.1 A brief introduction to Single Sign-on

8.1.1 Solution setup

8.2 Using service discovery in Single Sign-on

8.3 Enforcing UI authentication

8.4 Enforcing API authentication

8.5 Passing a JWT to API

8.6 Configuring identity provider

8.7 Securing the .NET Aspire dashboard

8.8 Summary