These days web applications are vulnerable to various attacks so there is a need to secure your application so that unauthorized users are not able to access it. ASP.NET Core Security provides a various mechanism to secure you applications i.e. authentication, authorization, data protection, Secure Socket Layer (HTTPS), app secrets, etc. This series will try to cover security techniques in detail to make you aware of various ways available to secure your applications.
Here is the list of posts in this series.
Also I will be listing new posts here when they are published.
ASP.NET Core Security Techniques
There are many in-built as well as third party tools & libraries available which can be used in ASP.NET Core applications to implement security-related features like authentication, authorization, etc.
There are applications that have user-specific data i.e. user’s stocks, bank balance, mails, etc and this data is confidential so it should not be viewable by other users. Authentication helps you in identifying the user’s identity i.e. which user is accessing your application. The user has to prove his/her identity by providing the credential i.e. user id/password and in some cases, there might additional security features like multi-factor authentication.
Once the user is identified and able to access your application then the next step is to determine what actions the user is able to perform. A superuser might be able to create data and other normal users might be able to view data added by the superuser but not delete allowed to delete records. Now authentication & authorization are two different things but they go hand in hand.
Data security is about securing confidential application data from unauthorized access. Data should be secure between server round trips Also, access to the database should be secured.
There are lots of other attacks against which ASP.NET Core security provides ways to secure our applications. To name a few of the other vulnerabilities like SQL Injection, Cross-Site Request Forgery, Server Version Disclosure, etc.