8 Application Security in Aspire
This chapter covers
- The fundamentals of application security
- Overview of Single Sign-On
- Implementing OpenID Connect Authentication in Aspire
- Using OAuth Authorization in Aspire
- Securing the Aspire dashboard
We briefly covered application security in Chapter 2 by adding a Keycloak container to an Aspire instance. In this chapter, we will delve deeper into application security concepts. We will do so by enforcing authentication and authorization end-to-end, so that they apply both when the user interacts with the UI and when the front-end interacts with the back-end API.
If you publish a web application and make it publicly accessible, you will want to make sure only authorized users can access it, unless, of course, your application is just a trivial website.
Applications orchestrated by Aspire are no exception. Because Aspire is a platform for building complex distributed applications, chances are that you aren’t using it to build trivial websites. Therefore, knowing how to secure your orchestrated application is a must.