11 SportsStore: Security and deployment

 

This chapter covers

  • Authenticating users with ASP.NET Core Identity
  • Authorizing user access to ASP.NET Core resources
  • Preparing and publishing an application
  • Creating a Docker container image for the SportsStore application

Authentication and authorization are provided by the ASP.NET Core Identity system, which integrates neatly into the ASP.NET Core platform and the individual application frameworks. In the sections that follow, I will create a basic security setup that allows one user, called Admin, to authenticate and access the administration features in the application. ASP.NET Core Identity provides many more features for authenticating users and authorizing access to application features and data, and you can find more information in chapters 37 and 38, where I show you how to create and manage user accounts and how to perform authorization using roles. But, as I noted previously, ASP.NET Core Identity is a large framework in its own right, and I cover only the basic features in this book.

My goal in this chapter is just to get enough functionality in place to prevent customers from being able to access the sensitive parts of the SportsStore application and, in doing so, give you a flavor of how authentication and authorization fit into an ASP.NET Core application.

11.1 Creating the Identity database

11.1.1 Installing the Identity package for Entity Framework Core

11.1.2 Creating the context class

11.1.3 Defining the connection string

11.1.4 Configuring the application

11.1.5 Creating and applying the database migration

11.1.6 Defining the seed data

11.2 Adding a conventional administration feature

11.3 Applying a basic authorization policy

11.4 Creating the account controller and views

11.5 Testing the security policy

11.6 Preparing ASP.NET Core for deployment

11.6.1 Configuring error handling

11.6.2 Creating the production configuration settings

11.6.3 Creating the Docker image

11.6.4 Running the containerized application

Summary