In this section, we are just going to focus on the authentication and authorization schemes around ASP.NET Core formerly known as ASP.NET 5. Ideally, authentication means, you got the right to enter like you got the ID card and swipe in office.
But, Authorization is like your drawer access, which only you or off-course admin has.
Then, I selected Individual User Account, so that I can have access to variety of different level of cookie based authentications available to me. Another option work and school account is basically business app authentication I would say, as it uses service like Azure AD to get the app authenticated. So, this piece needs Azure setup as well. Anyways, we will see that piece in different post. But, for this one, we will continue with Individual Account.
Once, the project got created, it will present the default template like shown below.
Now, if I simply go ahead and run the app, It will produce the below page.
Here, you can see that Register and Login link is there. Therefore, from here you can go ahead register yourself and login as well with registered credentials. Current view is anonymous view means which any user can see. Now, Let us inspect the components it installed with the template to bring the authentication in the app.
So, if you see the above screenshot, I have highlighted the authentication dependency. Also, Sql server is pretty much required for local persistence obviously.
Now, let us look at the middleware code. One point to note that in ASP.NET Core, everything is on demand basis, means you setup the component which you need. Since, we have chosen, default ASP.NET 5 Template with Individual User Account, hence every required component got installed already for us.
In the above snippet, you can see that it is not only configuring Sql Server with Entity Framework, rather it is also setting up ASP.NET Identity. Now, let me go ahead and register my self with the portal.
Once, registration done, then it will take me to the home page, like shown below.
Here, you can see that it flagged my email id at the header section. Now, let us go ahead and let’s make a page restricted for anonymous user say about page.
Now, if I log off and refresh the page and then go to contact page, then it will ask me to authenticate yourself 1st, because this page has become secured page means only authenticated users can see this page.
Till now, whatever we have seen there is nothing fancy, same old thing but the implementation technique gets different. In coming sections, we will see what new things around authentication/authorization has been introduced and will try to play around that. Till then stay tuned and Happy Coding.