Authentication explained
ASP.NET Core breaks up the handling of logged-in users into two parts:
- Authentication, which holds a list of valid users, say by email, and their credentials, such as a password, so that when they log in it can confirm that someone is who they say they are. It also manages where the logged-in user's details are held, e.g. Cookie or JWT Token.
- Authorization, which uses the logged-in user's details to define what features that user can access within the application.
The AuthP library relies on the various authentication providers in ASP.NET Core. These authentication providers break down into two types:
- Local authentication providers: ASP.NET Core has an Individual User Accounts authentication provider, which holds the user's email and password in a database and handles the login/validation of users. This approach has been around for many years and provides a simple solution. NOTE: you can create your own version of this local authentication provider - see this article.
- External authentication providers: These work by providing an external service that holds the user's definition (e.g. email and credentials) and checks that the user who is logging in is valid. These typically use OAuth2 and/or OpenId (see this article to explain these terms). There are many of these, such as:
  - Social services, such as Facebook, Google, Twitter...
  - Azure Active Directory - shortened to Azure AD.
  - Windows Authentication... and so on.
How AuthP links to an authentication provider depends on whether you are storing the logged-in user's details in a Cookie or you are using a JWT Token. If you are using AuthP's JWT Token Builder, then this will work with any type of authentication provider. But if you are using a Cookie to store the user's details, then you need to intercept the adding of claims to the cookie so that AuthP can add its extra claims to hold the user's Permissions and optionally its multi-tenant DataKey claim.
The AuthP library has built-in links to the following ASP.NET Core authentication providers:
- Individual Accounts authentication provider via the `IndividualAccountsAuthentication()` extension method. This just works and needs little extra code from you.
- Azure AD authentication provider via the `IndividualAccountsAuthentication(...some data here...)` extension method. This has some settings and options (see Setup Authentication about the options) that you need to set up (NOTE: I found setting up the Azure AD wasn't that simple).
Over time I might add links to other ASP.NET Core authentication providers, but if your authentication provider uses OpenId (which most do), then you can copy how AuthP links to the Azure AD authentication provider, as all the external authentication providers follow the same pattern. I cover this in Setup Authentication.
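
The cookie case described above, where extra claims have to be added at the point the cookie's claims are built, looks like this for the Individual Accounts provider. This is an added example, not AuthP's own code: the `IUserAccessLookup` service and both claim type names are hypothetical, and only the ASP.NET Core Identity types are real.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;

// Hypothetical service: returns the user's packed permissions and optional tenant key.
public interface IUserAccessLookup
{
    Task<(string PackedPermissions, string? DataKey)> GetAccessAsync(string userId);
}

// Identity calls this factory to build the ClaimsPrincipal that is stored in the auth cookie.
public class ExtraClaimsPrincipalFactory : UserClaimsPrincipalFactory<IdentityUser>
{
    public const string PermissionsClaimType = "Example:Permissions"; // assumed name
    public const string DataKeyClaimType = "Example:DataKey";         // assumed name

    private readonly IUserAccessLookup _lookup;

    public ExtraClaimsPrincipalFactory(UserManager<IdentityUser> userManager,
        IOptions<IdentityOptions> optionsAccessor, IUserAccessLookup lookup)
        : base(userManager, optionsAccessor)
    {
        _lookup = lookup;
    }

    protected override async Task<ClaimsIdentity> GenerateClaimsAsync(IdentityUser user)
    {
        var identity = await base.GenerateClaimsAsync(user);
        var (permissions, dataKey) = await _lookup.GetAccessAsync(user.Id);

        // Remove same-named claims that came from the user store, so that only
        // values computed on the server at login end up in the cookie.
        foreach (var stale in identity.FindAll(c =>
                     c.Type == PermissionsClaimType || c.Type == DataKeyClaimType).ToList())
            identity.RemoveClaim(stale);

        if (!string.IsNullOrEmpty(permissions))
            identity.AddClaim(new Claim(PermissionsClaimType, permissions));
        if (!string.IsNullOrEmpty(dataKey))
            identity.AddClaim(new Claim(DataKeyClaimType, dataKey));
        return identity;
    }
}

// Registration, after AddDefaultIdentity<IdentityUser>() in Program.cs:
// builder.Services.AddScoped<IUserClaimsPrincipalFactory<IdentityUser>, ExtraClaimsPrincipalFactory>();
```

Because the claims are written once at sign-in, a change to a user's permissions or tenant does not reach an existing cookie until the user logs in again or the claims are refreshed.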