ASP.NET Core Authentication and Authorization – Part 1

Hi Friends,

In this section, we are just going to focus on the authentication and authorization schemes around ASP.NET Core formerly known as ASP.NET 5. Ideally, authentication means, you got the right to enter like you got the ID card and swipe in office.

auth

But, Authorization is like your drawer access, which only you or off-course admin has.

authoSo, without wasting time, let us get started. Here, I have created one simple ASP.NET 5 App with basic template

223

224th

Then, I selected Individual User Account, so that I can have access to variety of different level of cookie based authentications available to me. Another option work and school account is basically business app authentication I would say, as it uses service like Azure AD to get the app authenticated. So, this piece needs Azure setup as well. Anyways, we will see that piece in different post. But, for this one, we will continue with Individual Account.

225

Once, the project got created, it will present the default template like shown below.

226th

227th

Now, if I simply go ahead and run the app, It will produce the below page.

228th

Here, you can see that Register and Login link is there. Therefore, from here you can go ahead register yourself and login as well with registered credentials. Current view is anonymous view means which any user can see. Now, Let us inspect the components it installed with the template to bring the authentication in the app.

229th

So, if you see the above screenshot, I have highlighted the authentication dependency. Also, Sql server is pretty much required for local persistence obviously.

Now, let us look at the middleware code. One point to note that in ASP.NET Core, everything is on demand basis, means you setup the component which you need. Since, we have chosen, default ASP.NET 5 Template with Individual User Account, hence every required component got installed already for us.

In the above snippet, you can see that it is not only configuring Sql Server with Entity Framework, rather it is also setting up ASP.NET Identity. Now, let me go ahead and register my self with the portal.

230th

Once, registration done, then it will take me to the home page, like shown below.

231th

Here, you can see that it flagged my email id at the header section. Now, let us go ahead and let’s make a page restricted for anonymous user say about page.

232nd

Now, if I log off and refresh the page and then go to contact page, then it will ask me to authenticate yourself 1st, because this page has become secured page means only authenticated users can see this page.

233rd

Till now, whatever we have seen there is nothing fancy, same old thing but the implementation technique gets different. In coming sections, we will see what new things around authentication/authorization has been introduced and will try to play around that. Till then stay tuned and Happy Coding.

Thanks,
Rahul Sahay
Happy Coding

5,063 total views, 1 views today