Authentication methods
Now that we have updated our database to support the .NET Core Identity authentication workflow and patterns, we should choose which authentication method to implement.
As we most certainly know, the HTTP protocol is stateless, meaning that whatever we do during a request/response cycle will be lost before the subsequent request, including the authentication result. The only way we have to overcome this is to store that result somewhere, along with all its relevant data, such as user ID, login date/time, and last request time.
Sessions
Since a few years ago, the most common and traditional method to do that was to store this data on the server using either a memory-based, disk-based, or external session manager. Each session can be retrieved using a unique ID that the client receives with the authentication response, usually inside a session cookie, that will be transmitted to the server on each subsequent request.
Here's a brief diagram showing the Session-Based Authentication...
