Summary
At the start of this chapter, we introduced the concepts of authentication and authorization, acknowledging the fact that most applications, including ours, do require a mechanism to properly handle authenticated and non-authenticated clients as well as authorized and unauthorized requests.
We took some time to properly understand the similarities and differences between authentication and authorization as well as the pros and cons of handling these tasks using our own internal provider or delegating them to third-party providers such as Google, Facebook, and Twitter. We also found out that, luckily enough, the Microsoft.AspNetCore.Identity framework can be configured to achieve the best of both worlds. To be able to use it, we added the required packages to our project and did what was needed to properly configure them, such as performing some changes in our ApplicationUser and ApplicationDbContext classes and then adding a new EntityFrameworkCore migration to update our database...