Claims-Based Authorization and Authentication
Explore how ASP.NET Core MVC handles access control through claims-based authorization and authentication. Understand authentication schemes, the role of cookies and JWT tokens, claim types, and the configuration needed to secure resources effectively.
Like all modern frameworks, ASP.NET Core authorizes access to resources using claims. Claims are assertions about the subject that needs to access the resources. They are obtained through a process called authentication, which is defined in manifests called authentication schemes.
Authentication and authentication schemes
Each authentication scheme specifies the actions needed to authenticate a user and to compute the user's claims. Authentication must not be confused with login: login is the process of obtaining credentials that will be used to authenticate subsequent requests, while authentication is the process of validating these credentials on each request and extracting claims from them. The application that issues the credentials can be different from the application that uses them to authenticate.
Typical credentials used by web applications are cookies and JSON Web Tokens (JWTs).
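The login/authentication split described above, as an added example that is not part of the original page: a minimal `Program.cs` in which `/login` issues a cookie once, while the cookie and JWT bearer schemes validate credentials and extract claims on every request. Assumptions: a web project with implicit usings and the `Microsoft.AspNetCore.Authentication.JwtBearer` package; the issuer URL, audience, `department` claim, `FinanceOnly` policy and demo account are constructed placeholders.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Identity;

var builder = WebApplication.CreateBuilder(args);
// Each scheme defines how a credential is validated on every request and turned into claims.
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o => { o.Cookie.HttpOnly = true; o.Cookie.SecurePolicy = CookieSecurePolicy.Always; })
    .AddJwtBearer(o =>
    {
        o.Authority = "https://issuer.example"; // placeholder: a separate application issues the tokens
        o.Audience = "reports-api";             // placeholder audience this application accepts
    });
// Authorization looks only at the claims, whichever scheme produced them.
builder.Services.AddAuthorization(options => options.AddPolicy("FinanceOnly", p => p
    .AddAuthenticationSchemes(CookieAuthenticationDefaults.AuthenticationScheme, JwtBearerDefaults.AuthenticationScheme)
    .RequireClaim("department", "finance")));

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Constructed demo account; a real application looks up a stored password hash per user.
var hasher = new PasswordHasher<string>();
var aliceHash = hasher.HashPassword("alice", "constructed-demo-password");

// Login: runs once, verifies the password and issues the credential (the cookie).
app.MapPost("/login", async (HttpContext ctx, LoginRequest req) =>
{
    if (req.User != "alice" || hasher.VerifyHashedPassword(req.User, aliceHash, req.Password)
            == PasswordVerificationResult.Failed)
        return Results.Unauthorized();
    var identity = new ClaimsIdentity(
        new[] { new Claim(ClaimTypes.Name, req.User), new Claim("department", "finance") },
        CookieAuthenticationDefaults.AuthenticationScheme);
    await ctx.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
    return Results.Ok();
});

// Authentication: on each later request the schemes validate the cookie or token and rebuild the claims.
app.MapGet("/reports", (ClaimsPrincipal user) => $"Reports for {user.Identity?.Name}")
   .RequireAuthorization("FinanceOnly");

app.Run();

record LoginRequest(string User, string Password);
```

A request to `/reports` succeeds only when one of the two schemes yields a `department=finance` claim; the endpoint itself never sees a password.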
Cookies must be necessarily emitted by ...