- Authentication - the process of verifying the identity of a user or system.
- Authorization - the process of determining whether a user or system has permission to access a specific resource or perform a specific action.
I created a JWT-based authentication and authorization system in ASP.NET Core. JWT stands for JSON Web Token.
A token has 3 main parts:
- Header - contains information about the algorithm and the token type.
- Payload - contains information about the user and the token's data.
- Signature - computed with the signing key over the encoded header and payload, so that a modified token can be detected.
First, we must create a method that generates a JWT and returns it. When a user logs in to the system and no exception occurs, a JWT is generated and returned to us.
The authentication stage verifies and validates this token based on its payload.
After this, the authorization stage runs and determines whether the logged-in user has access to the endpoint the request was sent to.
To implement JWT-based authentication and authorization, we must use the `AddAuthentication()` and `AddAuthorization()` methods.
Accordingly, we must also use the `UseAuthentication()` and `UseAuthorization()` methods so that these work correctly.
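
A minimal `Program.cs` for the wiring described above, as an added example that is not this project's own code. It assumes .NET 6 with implicit usings enabled; the `Jwt:Key`, `Jwt:Issuer` and `Jwt:Audience` configuration keys, the `TokenIssuer` helper and the two endpoints are hypothetical names.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
var cfg = builder.Configuration;   // "Jwt:*" keys are assumed names, not from the project
// HS256 key: at least 32 bytes, loaded from secret storage rather than source control.
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
    cfg["Jwt:Key"] ?? throw new InvalidOperationException("Jwt:Key is not configured")));

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true, IssuerSigningKey = key,   // signature check
        ValidateIssuer = true, ValidIssuer = cfg["Jwt:Issuer"],
        ValidateAudience = true, ValidAudience = cfg["Jwt:Audience"],
        ValidateLifetime = true,                                   // reject expired tokens
        ClockSkew = TimeSpan.FromSeconds(30)                       // default tolerance is 5 minutes
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();   // builds HttpContext.User from the bearer token
app.UseAuthorization();    // must run after UseAuthentication

// 401 without a valid token; 403 when the token is valid but lacks the role.
app.MapGet("/me", [Authorize] (ClaimsPrincipal user) => user.Identity?.Name);
app.MapGet("/admin", [Authorize(Roles = "Admin")] () => "admin only");
app.Run();

// Hypothetical helper: the login action calls this only after the credentials were verified.
public static class TokenIssuer
{
    public static string Create(string userName, string role, string issuer,
                                string audience, SecurityKey key)
    {
        var claims = new[] { new Claim(ClaimTypes.Name, userName), new Claim(ClaimTypes.Role, role) };
        var token = new JwtSecurityToken(issuer, audience, claims,
            expires: DateTime.UtcNow.AddMinutes(15),   // short lifetime limits a stolen token's value
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}
```

The payload is only Base64Url-encoded, not encrypted, so the claims placed in it should never include secrets such as passwords.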
- FluentValidation.AspNetCore (v-11.3.0)
- Microsoft.AspNetCore.Authentication.JwtBearer (v-6.0.36)
- Microsoft.EntityFrameworkCore (v-6.0.36)
- Microsoft.EntityFrameworkCore.Tools (v-6.0.36)
- Newtonsoft.Json (v-13.0.3)
- Npgsql.EntityFrameworkCore.PostgreSQL (v-6.0.29)
- Swashbuckle.AspNetCore (v-6.5.0)