Edition 0 Updated to asp. Net core 0


Sharing cookies between applications



Yüklə 11,82 Mb.
Pdf görüntüsü
səhifə279/288
tarix12.07.2023
ölçüsü11,82 Mb.
#136458
1   ...   275   276   277   278   279   280   281   282   ...   288
NET-Microservices-Architecture-for-Containerized-NET-Applications

Sharing cookies between applications
https://learn.microsoft.com/aspnet/core/security/cookie-sharing
 

Introduction to Identity
https://learn.microsoft.com/aspnet/core/security/authentication/identity
 

Rick Anderson. Two-factor authentication with SMS
https://learn.microsoft.com/aspnet/core/security/authentication/2fa
 

Enabling authentication using Facebook, Google and other external providers
https://learn.microsoft.com/aspnet/core/security/authentication/social/
 

Michell Anicas. An Introduction to OAuth 2
https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
 

AspNet.Security.OAuth.Providers
(GitHub repo for ASP.NET OAuth providers) 
https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers/tree/dev/src
 

IdentityServer4. Official documentation
https://identityserver4.readthedocs.io/en/latest/
 
About authorization in .NET microservices and web 
applications 
After authentication, ASP.NET Core Web APIs need to authorize access. This process allows a service 
to make APIs available to some authenticated users, but not to all. 
Authorization
 can be done based 
on users’ roles or based on custom policy, which might include inspecting claims or other heuristics.
Restricting access to an ASP.NET Core MVC route is as easy as applying an Authorize attribute to the 
action me
thod (or to the controller’s class if all the controller’s actions require authorization), as 
shown in following example: 
public
class
AccountController : Controller 

public
ActionResult 
Login
() 




329 
CHAPTER 8 | Make secure .NET Microservices and Web Applications 
[Authorize] 
public
ActionResult 
Logout
() 



By default, adding an Authorize attribute without parameters will limit access to authenticated users 
for that controller or action. To further restrict an API to be available for only specific users, the 
attribute can be expanded to specify required roles or policies that users must satisfy. 

Yüklə 11,82 Mb.

Dostları ilə paylaş:
1   ...   275   276   277   278   279   280   281   282   ...   288




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©azkurs.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin