Using Single Sign-On for Securing Applications in ASP.NET Core/

...

/

ASP.NET Core Authentication Middleware

ASP.NET Core Authentication Middleware

Familiarize yourself with authentication middleware of ASP.NET Core.

We'll cover the following...

Before we can learn how ASP.NET Core applications can be configured to use SSO, we need to learn how authentication and authorization middleware in ASP.NET Core work in general. To do so, we have the following playground, which contains all the key components:

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "qualified.domain.name",
    "TenantId": "22222222-2222-2222-2222-222222222222",
    "ClientId": "11111111-1111-1111-11111111111111111",

    "Scopes": "access_as_user",
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}
Minimal API's app with authentication and authorization middleware

If we launch the playground and navigate to the Swagger URL once the application is built, we will see three endpoints with the following paths:

  • /unprotected: It can be accessed anonymously and will return the Unprotected endpoint accessed message in the response.

  • /protected: It requires a valid access token to be supplied in the request header. If so, it will return the Protected endpoint accessed message. Otherwise, it will return the 401 response code.

  • /admin: It requires not only a valid access token ...