Summary: As the technology marketplace evolves, the security risks associated with it grow. This creates a need to restrict certain resources within an application to authorized users only, so that the server can determine which resources each user may access. In this blog post, we take a deeper look at authentication and authorization in .NET Core to help keep your .NET business application safe and secure.
Understanding Authentication in .NET Core
Authentication in .NET Core refers to the process of determining the identity of a user. Authorization, on the other hand, refers to the process of determining whether a user has access to a resource. To explain further, authentication is the process of verifying the identity of users who attempt to access an application or a system. It ensures that only the real user is accessing the data in question. Authentication generally requires validating user credentials, such as usernames and passwords, against a trusted source such as a database or an identity provider.
Authorization, on the other hand, is the process of determining which actions authenticated users can perform within the application. It ensures that authenticated users have access to the resources and functionality that align with their assigned roles and permissions.
Implementing JWT Authentication in .NET Core
JSON Web Tokens (JWT) are a popular way to implement authentication in modern web applications because of their stateless nature and scalability. In .NET Core, JWT authentication requires generating a token upon successful login and validating it on each subsequent request.
You can refer to the steps given below to implement JWT authentication in .NET Core:
Step 1: Install the required packages
<code>
dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer
</code>
Step 2: Configure the JWT authentication middleware in 'Startup.cs'
<code>
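using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Other configurations within the code...

        // Make JWT bearer the default scheme for authenticating and challenging requests.
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        }).AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                // Check the issuer, the audience, the expiry time and the signature of every token.
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = "yourIssuer",
                ValidAudience = "yourAudience",
                // Placeholder value: load a long random key from configuration or a
                // secret store instead of hard-coding it in source.
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("yourSecretKey"))
            };
        });

        // Other services...
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        // Middleware configurations...

        // Authentication must run before authorization so that the user's
        // identity is established before access is checked.
        app.UseAuthentication();
        app.UseAuthorization();

        // Other configurations within the code...
    }
}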
</code>
Step 3: Generate the JWT token after successful authentication and include it in the response.
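One way to carry out Step 3, as an added example that is not code from the original post: a hypothetical `JwtTokenIssuer` helper that signs a token with the same issuer, audience and symmetric key that Step 2 validates. The class name, the 15-minute lifetime, the 32-byte minimum key check and the role claims are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper (added example, not part of the original post).
public static class JwtTokenIssuer
{
    // Must match ValidIssuer and ValidAudience in TokenValidationParameters (Step 2).
    private const string Issuer = "yourIssuer";
    private const string Audience = "yourAudience";

    // Call only after the credentials have been verified against the trusted source.
    // signingKey must be the same bytes that Step 2 passes to SymmetricSecurityKey.
    public static string CreateToken(string userId, IEnumerable<string> roles, byte[] signingKey)
    {
        // Refuse short keys: a guessable HMAC key lets anyone forge valid tokens.
        if (signingKey == null || signingKey.Length < 32)
            throw new ArgumentException("Signing key must be at least 32 bytes.", nameof(signingKey));

        var claims = new List<Claim>
        {
            new Claim(JwtRegisteredClaimNames.Sub, userId),                   // who the token is for
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()) // unique token id
        };
        // One role claim per assigned role; role-based authorization reads these.
        foreach (var role in roles)
            claims.Add(new Claim(ClaimTypes.Role, role));

        var credentials = new SigningCredentials(
            new SymmetricSecurityKey(signingKey), SecurityAlgorithms.HmacSha256);

        // Short lifetime (assumed value); ValidateLifetime = true rejects the token afterwards.
        var token = new JwtSecurityToken(
            issuer: Issuer,
            audience: Audience,
            claims: claims,
            notBefore: DateTime.UtcNow,
            expires: DateTime.UtcNow.AddMinutes(15),
            signingCredentials: credentials);

        // Serialize to the compact header.payload.signature string returned to the client.
        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}
```

The client sends the returned string in the `Authorization: Bearer <token>` header of each subsequent request, where the middleware from Step 2 validates it.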
Exploring Role-Based Authorization in .NET Core
Role-based authorization in .NET Core grants access to resources based on predefined roles that are assigned to users. Let us now look at the steps to implement it:
