Free Web Development Online Tutorials, Learn to Code
Web API Security in Core, Different type of Authentication for Core Web API Core Web API Security Implementation

In this tutorial you will learn how to implement security in core web api using different types of Authentication.

Different type of Authentication in Asp.Net Core

There are different ways we can implement security in Asp.Net Core web API. All approaches are very similar with some differences, at the end every mechanism produce set some credentials to be transferred over http protocol, and the middleware service to be added in “ConfigureServices” of startup.cs

Here are some of commonly used authentication approaches with example

  • Core Web API Basic Authentication
            .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);
  • JWT Token Authentication in Core Web API
    services.AddAuthentication(options =<
    options.DefaultAuthenticateScheme = "JwtBearer";
    options.DefaultChallengeScheme = "JwtBearer";
    	.AddJwtBearer("JwtBearer", jwtBearerOptions =<
    		jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters
    			ValidateIssuerSigningKey = true,
    			IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("ABCDE-1234567890")),
    			ValidateIssuer = true,
    			ValidIssuer = "WTR-OrderService Core",
    			ValidateAudience = true,
    			ValidAudience = "The name of the audience",
    			ValidateLifetime = true, //validate the expiration and not before values in the token
    			ClockSkew = TimeSpan.FromMinutes(5) //5 minute tolerance for the expiration date
  • External Provider Authentication (like Google, Facebook, LinkedIn)
  • Azure Active Directory Authentication
  • Identity Server Web API Security Check

C# web service interview questions

Asp.Net C# Web API Examples | Join Asp.Net MVC Course