39 Applying ASP.NET Core Identity
This chapter covers
- Authenticating users with ASP.NET Core Identity
- Implementing and enforcing an authorization policy
- Using bearer tokens instead of authentication cookies for web services or JavaScript clients
In this chapter, I explain how ASP.NET Core Identity is applied to authenticate users and authorize access to application features. I create the features required for users to establish their identity, explain how access to endpoints can be controlled, and demonstrate the security features that Blazor provides. I also show two different ways to authenticate web service clients. Table 39.1 provides a guide to the chapter.
Table 39.1 Chapter guide (view table figure)
Problem |
Solution |
Listing |
---|---|---|
Authenticating users |
Use the SignInManager<T> class to validate the credentials users provide and use the built-in middleware to trigger authentication. |
3–8 |
Restricting access to endpoints |
Use the Authorize attribute and the built-in middleware to control access. |
9–13 |
Restricting access to Blazor components |
Use the Authorize attribute and the built-in Razor Components to control access. |
14–17 |
Restricting access to web services |
Use cookie authentication or bearer tokens. |
18–30 |