Proprietary auth with .NET Core
The authentication patterns made available by ASP.NET Core are basically the same as those supported by the previous versions of ASP.NET:
- No authentication, if we don’t feel like implementing anything or if we want to use (or develop) a self-made auth interface without relying upon the ASP.NET Core Identity system
- Individual user accounts, when we set up an internal database to store user data using the standard ASP.NET Core Identity interface
- Azure Active Directory (AD), which implies using a token-based set of API calls handled by the Azure AD Authentication Library (ADAL)
- Windows authentication, which is only viable for local-scope applications within Windows domains or AD trees
However, the implementation patterns introduced by the ASP.NET Core team over the past few years are constantly evolving in order to match the latest security practices available.
All the aforementioned approaches—excluding...