9
Authentication and Authorization with Services and Clients
Not every user and application should be allowed to access all API services. Some APIs should only be accessible from specific applications, and others should be restricted to a group of users.
In this chapter, you’ll learn how to use business-to-consumer (B2C) to allow users to register with our application and protect APIs. We’ll use Azure Active Directory (AD) B2C for this. For an on-premises solution (which can also be used in the cloud), we’ll be using ASP.NET Core Identity.
Instead of securing every API project, you’ll learn about Microsoft Yet Another Reverse Proxy (YARP), a proxy that is put in front of the APIs that are available to restrict access to the services in the backend. ...
Get Pragmatic Microservices with C# and Azure now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.