Asp.net Core Web API Security Implementation

In this tutorial you will learn how to implement security in asp.net core web api using different types of Authentication.

There are different ways we can implement security in Asp.Net Core web API. All approaches are very similar with some differences, at the end every mechanism produce set some credentials to be transferred over http protocol, and the middleware service to be added in “ConfigureServices” of startup.cs

Here are some of commonly used authentication approaches with example

• Here is the complete implementation of Asp.net Core Web API Basic Authentication
  In startup file, we need to register the authentication middleware.

  services.AddAuthentication("BasicAuthentication")
          .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);
  

• Look at JWT Token Authentication in Asp.net Core Web API details, notice, how AddJwtBearer middleware has been configured.

      services.AddAuthentication(options =<
  {
  	options.DefaultAuthenticateScheme = "JwtBearer";
  	options.DefaultChallengeScheme = "JwtBearer";
  });
  	.AddJwtBearer("JwtBearer", jwtBearerOptions =<
  	{
  		jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters
  		{
  			ValidateIssuerSigningKey = true,
  			IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("ABCDE-1234567890")),
  			ValidateIssuer = true,
  			ValidIssuer = "WTR-OrderService Asp.net Core",
  			ValidateAudience = true,
  			ValidAudience = "The name of the audience",
  			ValidateLifetime = true, //validate the expiration and not before values in the token
  			ClockSkew = TimeSpan.FromMinutes(5) //5 minute tolerance for the expiration date
  		};
  	});
  

• External Provider Authentication (like Google, Facebook, LinkedIn)
• Azure Active Directory Authentication
• Identity Server
  Here is a post about Identity configuration in Asp.net core.