ASP.NET Core API authentication using JWT bearer tokens

What is OAuth 2.0 and how its flows can be applied for securing my applications? What does a token do and how it is useful in securing API’s? Is there any way to implement all these nice and easy in ASP.NET Core? In this post I will cover these topics, by first discussing about why token based security is so successful in security scenarios, and the OAuth protocol play in this. We’ll see more closely one of OAuth flows, the client credentials flow and implement it to secure an ASP.NET Web API application.

Continue reading

ASP.NET Core 2.0 Authentication with Azure Active Directory B2C

In today’s post of ASP.NET Core 2.0 Authentication series, I am going to discuss about Azure Active Directory B2C, a service provided by Microsoft Azure for identity access and management.
In previous post, I talked about Azure Active Directory and how useful it is in corporate scenarios, however B2C is a better option for external user access and identity management, with powerful features such as support for various identity providers, policies and many more.

I will first briefly discuss about Azure AD B2C, what is it and how it is different from standard Azure AD. Then I am going to show you how to setup a tenant on Azure Portal, how to configure an identity provider, GitHub in this scenario, and how to setup policies. In the last part, I will show you how to configure your application to authenticate users using Azure AD B2C and how to handle failure events.

Continue reading