39 Applying ASP.NET Core Identity

 

This chapter covers

  • Authenticating users with ASP.NET Core Identity
  • Implementing and enforcing an authorization policy
  • Using bearer tokens instead of authentication cookies for web services or JavaScript clients

In this chapter, I explain how ASP.NET Core Identity is applied to authenticate users and authorize access to application features. I create the features required for users to establish their identity, explain how access to endpoints can be controlled, and demonstrate the security features that Blazor provides. I also show two different ways to authenticate web service clients. Table 39.1 provides a guide to the chapter.

Table 39.1 Chapter guide

| Problem | Solution | Listing |
|---|---|---|
| Authenticating users | Use the SignInManager<T> class to validate the credentials users provide and use the built-in middleware to trigger authentication. | 3–8 |
| Restricting access to endpoints | Use the Authorize attribute and the built-in middleware to control access. | 9–13 |
| Restricting access to Blazor components | Use the Authorize attribute and the built-in Razor Components to control access. | 14–17 |
| Restricting access to web services | Use cookie authentication or bearer tokens. | 18–30 |

39.1 Preparing for this chapter

39.2 Authenticating users

39.2.1 Creating the login feature

39.2.2 Inspecting the ASP.NET Core Identity cookie

39.2.3 Creating a Sign-Out page

39.2.4 Testing the authentication feature

39.2.5 Enabling the Identity authentication middleware

39.3 Authorizing access to endpoints

39.3.1 Applying the authorization attribute

39.3.2 Enabling the authorization middleware

39.3.3 Creating the access denied endpoint

39.3.4 Creating the seed data

39.3.5 Testing the authentication sequence

39.4 Authorizing access to Blazor applications

39.4.1 Performing authorization in Blazor components

39.4.2 Displaying content to authorized users

39.5 Authenticating and authorizing web services

39.5.1 Building a simple JavaScript client