A practical tutorial showing how to use JSON Web Tokens in ASP.NET Core 2 applications.

Facebook, Google, and external provider authentication in ASP.NET Core describes how to enable users to sign in using OAuth 2.0 with credentials from external authentication providers. The approach described in that topic includes ASP.NET Core Identity as an authentication provider. This sample demonstrates how to use an external authentication provider without ASP.NET Core Identity.

This article shows how to implement the OAuth 2.0 Device Flow for Browserless and Input Constrained Devices in an ASP.NET Core application. The tokens are then saved to a cookie for later usage. IdentityServer4 is used to implement the secure token server.

Authentication via a JWT is pretty much standard practice these days and there are lots of blog posts and sample code showing how to do this in ASP.NET Core. However, what if we are implementing a multi-tenant API and want the JWT signing key secret to be different for each tenant? In this post we go through how to implement a multi-tenant JWT.

Getting Started with IdentityServer 4. Identity Server 4 is the newest iteration of IdentityServer, the popular OpenID Connect and OAuth Framework for .NET, updated and redesigned for ASP.NET Core and .NET Core. In this article, we are taking a quick look at why IdentityServer 4 exists, and then dive right in and create ourselves a working implementation from zero to hero.

An ASP.NET Core IdentityServer4 Identity Bootstrap 4 template with localization

The article shows how to implement user management for an ASP.NET Core application using ASP.NET Core Identity. The application uses custom claims, which need to be added to the user identity after a successful login, and then an ASP.NET Core policy is used to authorize the identity.

There is no doubt that external provider authentication is a must-have feature in new modern applications and makes sense because users are able to easily register new accounts and also login using their social account credentials. The entire process is based on OAuth 2.0 flows which were presented in detail in the OAuth 2.0, OpenID Connect & IdentityServer blog post of the ASP.NET Core Identity Series.

Building a robust security model within our applications is a critical step toward shipping the type of high-quality, high-value software solutions we strive to deliver to our customers and organizations.

If you want to add more security, you must ask for a second authentication. That's what is called a two-factor authentication (2FA). Commonly, you have a device (specialized or a smartphone) that give you a number to write down on the computer after you entered your password. So, even if your password is compromised, an attacker cannot access your account.