Quote of the Day

more Quotes

Categories

Get notified of new posts

Buy me coffee

  • Home>
  • aspnetcore security
Tag Archives for " aspnetcore security "

About integrated windows authentication and how to implement it in ASP.NET core running on IIS.

Published June 27, 2020 in .NET core , Angular , IIS , security - 4 Comments

In this post, I share what I have learned about integrated windows authentication and how to enable it in a web application which consists of an angular front-end and ASP.NET core 3 backend.

Continue reading

Why you need to register authentication middleware even if your ASP.NET core web API does not handle authentication.

Published February 1, 2020 in .NET core , ASP.NET core , OAuth2 , OpenID Connect , security - 0 Comments

Sometimes ago, I was confused about the role of the Authentication middleware in an ASP.NET core web API that does not authenticate an user. It makes sense to me that you need to use the Authentication middleware if your web application handles the authentication. Specifically, I did not understand why you need to use Authentication middleware if your app is a web API that does not handle authentication. For instance, my web API performs token validation but it does not authenticate a user. Authentication handling is part of the client application which implements OpenID implicit flow to authenticate the user and obtains authorization to access the web API. I believed I only needed the Authorization middleware so that I can annotate the endpoints I want to protect with the [Authorized] attribute. The document states

The UseAuthentication method adds a single authentication middleware component, which is responsible for automatic authentication and the handling of remote authentication requests. 

Authentication Middleware and services

So if my web API does not handle authentication, why do I still need to call UseAuthentication to add the middleware?

Continue reading