ASP.NET CORE AUTHENTICATION AND AUTHORIZATION

UNDERSTAND THE AUTHENTICATION AND AUTHORIZATION STEPS

Authentication and authorization are crucial parts of most web applications. Take lecture content as an example: it should not be shown to everyone, but only to a subset of users, namely those who have purchased the course. Likewise, modifying a course should be the prerogative only of the person who created it. Let's start with authentication. Suppose we go to vote, so we go to the polling station. The poll worker does not let us vote right away, but first wants to make sure of our identity. To do this we show one of our documents.

Verifying your identity

In web applications it is exactly the same thing, only instead of showing up at the polling station, the user shows up on a page in our application. To access this page, the user will have to show a valid document.

Authentication

We will not show an identity card but an authentication cookie, which is still a valid document, issued by a reliable authority and presented by the user's browser.

Cookie

Let’s take a closer look at what an authentication cookie looks like.

Authentication cookie

The cookie consists of a name and a value. It was generated by ASP.NET Core and delivered to the user's browser, which stores it and returns it unchanged in all subsequent requests. The validity of the document rests on the integrity of the cookie value. This value contains the identity of the user in encrypted form; as users we do not have the encryption key, so we cannot read its contents. The reliable authority is ASP.NET Core. Cookies can also be created for other purposes, not least tracking users' consumption habits. Let's see how to get an authentication cookie in ASP.NET Core.

Registration

The authentication cookie is created at the Login or Register stage, where entering an e-mail and password is used to ascertain our identity.

Login

These are the benefits of cookies.

Benefits of cookies

Authorization is a distinct phase from the previous ones and follows authentication. It is regulated on the basis of well-defined policies.

Authorization

Let us see a brief summary with the time sequence.

Time sequence

ASP.NET CORE IDENTITY ARCHITECTURE

ASP.NET Core Identity is the product we will use to manage our users’ data.

ASP.NET Core Identity

It consists of four NuGet packages. The first, AspNetCore.Identity.UI, is the user interface package.

UI

It contains many user interface pages with their related InputModels, which we will see as we go along. The second is AspNetCore.Identity.EntityFrameworkCore. This package has to do with persistence; in fact, it deals with persisting the data of the various user interfaces.

IdentityDbContext

The third package is Extensions.Identity.Stores. This package represents the identity of the user.

Stores

It is virtually impossible to recover the user's password. Let's look at the last package, Extensions.Identity.Core. Here we find UserManager, the fundamental class in this architecture.

Core
Summary

INSTALL ASP.NET CORE IDENTITY IN AN EXISTING PROJECT

Let's see how to install it, first in a new project and then in an existing project.

New project
Existing project

Suppose the user arrives with an authentication token and tries to view the course edit page. The user has shown a valid document, and the Authentication Middleware determines the identity of the user. The Endpoint Routing Middleware determines which page the user wants to view. If the user is not authorized to view the page, the Authorization Middleware responds to the user directly.

Middleware
Existing project
Partial View

Go to the following address to see the login page: https://localhost:5001/Identity/account/login
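
The wiring described in this section, as an added example rather than the course's own code: a Startup class that registers ASP.NET Core Identity in an existing project, hardens the authentication cookie and orders the three middleware components. AppDbContext, the "Default" connection string, the SQLite provider, the password length and the "CourseAuthor" policy and claim are assumptions.

```csharp
// Added example, not the course's code. AppDbContext, "Default", "CourseAuthor" and SQLite are assumptions.
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class AppDbContext : IdentityDbContext<IdentityUser>
{
    public AppDbContext(DbContextOptions<AppDbContext> options) : base(options) { }
}

public class Startup
{
    private readonly IConfiguration configuration;
    public Startup(IConfiguration configuration) => this.configuration = configuration;
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();
        services.AddRazorPages(); // the Identity UI is made of Razor Pages
        services.AddDbContext<AppDbContext>(o =>
            o.UseSqlite(configuration.GetConnectionString("Default")));
        // Registers UserManager, SignInManager, the default UI and cookie authentication.
        services.AddDefaultIdentity<IdentityUser>(o => o.Password.RequiredLength = 8)
                .AddEntityFrameworkStores<AppDbContext>();
        services.ConfigureApplicationCookie(o =>
        {
            o.Cookie.HttpOnly = true;                          // not readable from JavaScript
            o.Cookie.SecurePolicy = CookieSecurePolicy.Always; // sent over HTTPS only
            o.Cookie.SameSite = SameSiteMode.Lax;
            o.ExpireTimeSpan = TimeSpan.FromHours(8);
        });
        // Policy for the course edit page: [Authorize(Policy = "CourseAuthor")] on the action.
        services.AddAuthorization(o => o.AddPolicy("CourseAuthor",
            p => p.RequireAuthenticatedUser().RequireClaim("CourseAuthor")));
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseHttpsRedirection();
        app.UseRouting();        // selects the endpoint the request is for
        app.UseAuthentication(); // validates the cookie and sets HttpContext.User
        app.UseAuthorization();  // enforces the endpoint's policy; must follow UseAuthentication
        app.UseEndpoints(e => { e.MapDefaultControllerRoute(); e.MapRazorPages(); });
    }
}
```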

LINK TO CODE ON GITHUB

GITHUB

Download the section17 code or the master branch, or clone the GitHub repository to have all the sections available in your favorite editor. See the README.md file to find the user and password for sending e-mail with mailtrap.io. You also need to obtain the codes to implement reCAPTCHA. Below is an image from Google's site.

Recaptcha