© Scott Norberg 2020
S. NorbergAdvanced ASP.NET Core 3 Security https://doi.org/10.1007/978-1-4842-6014-2_7

7. Authentication and Authorization

Scott Norberg1 
(1)
Issaquah, WA, USA
 
It’s time to talk about authentication and authorization. Before I get too far into it, I’ll take a moment to define these two terms:
  • Authentication: Verifying that you are who you say you are

  • Authorization: Verifying that you can do what you say you can do

Since it is tough to do authorization without proper authentication, I’ll start with authentication. Ensuring that the user is who they say they are is incredibly important for any secure website. But, unfortunately, the most common means we have to authenticate users, asking for a username and password, is not that secure. ...

Get Advanced ASP.NET Core 3 Security : Understanding Hacks, Attacks, and Vulnerabilities to Secure Your Website now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.