Search⌘ K
AI Features
Home
Courses
Using Single Sign-On for Securing Applications in ASP.NET Core

ASP.NET Core Authentication Middleware

Explore how to configure authentication and authorization middleware in ASP.NET Core applications. Understand the setup of bearer token schemes, role-based authorization, and the request-processing pipeline to protect endpoints and secure access.

We'll cover the following...

Before we can learn how ASP.NET Core applications can be configured to use SSO, we need to learn how authentication and authorization middleware in ASP.NET Core work in general. To do so, we have the following playground, which contains all the key components:

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "qualified.domain.name",
    "TenantId": "22222222-2222-2222-2222-222222222222",
    "ClientId": "11111111-1111-1111-11111111111111111",

    "Scopes": "access_as_user",
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}
Minimal API's app with authentication and authorization middleware

If we launch the playground and navigate to the Swagger URL once the application is built, we will see three endpoints with the following paths:

  • /unprotected: It can be accessed anonymously and will return the Unprotected endpoint accessed message in the response.

  • /protected: It requires a valid access token to be supplied in the request header. If so, it will return the Protected endpoint accessed message. Otherwise, it will return the 401 response code.

  • /admin: It requires not only a valid access token ...