Introduction: Securing the Backend Using Auth0

An overview of securing the backend of the app using authentication and authorization.

We'll cover the following

Overview

Overview

In this chapter, we'll implement authentication and authorization in our “Q&A” app. We will use a popular service called Auth0, which implements OpenID Connect (OIDC), to help us to do this. We will start by understanding what OIDC is and why it is a good choice, before getting our app to interact with Auth0.

At the moment, our web API is accessible by unauthenticated users, which is a security vulnerability. We will resolve this vulnerability by protecting the necessary endpoints with simple authorization. This will mean that only authenticated users can access protected resources.

Authenticated users shouldn't have access to everything, though. We will learn how to ensure authenticated users only get access to what they are allowed to by using custom authorization policies.

We'll also learn how to get details about authenticated users so that we can include them when questions and answers are saved to the database.

We will end the section by enabling cross-origin requests in preparation for allowing our frontend to access the REST API.

Get hands-on with 1200+ tech skills courses.

Introduction

Getting Started

Creating Decoupled React and ASP.NET 5 Apps

Building a Frontend with React and TypeScript

Styling React Components with Emotion

Routing with React Router

Working with Forms

Managing State with Redux

Interacting with the Database with Dapper

Creating REST API Endpoints

Improving Performance and Scalability

Securing the Backend

Interacting with RESTful APIs

Adding Automated Tests

Configuring and Deploying to Azure

Implementing CI and CD with Azure DevOps

Conclusion

Introduction: Securing the Backend Using Auth0

Overview