Part 25: Authentication In Asp.Net Core 3.1

#8 minutes of reading
Till now we created two controller Mobile Brands and Product Details, and both are communicated with database to read data. The controller which I created is for Admin or Application user(dealer) and not for end user / anonymous user.
For now, anyone one can access application and modify data which is not expected in real time application and to avoid this Asp.Net core provide an API for Authentication and Authorization feature called Identity.
Let’s understand first Authentication and Authorization without Identity API.
If I don’t want to allow anyone to access Brand and ProductDetails controller in e-Mobile application, will use Authentication and Authorization.
Authentication is a process to authenticate the user is valid user for the application or not. Authentication it nothing but who you are.
Authorization is a process to validating requested resource are allowed to access or not based on your Role in application.
Let’s implement simple Login functionality for e-Mobile application without Identity API. Sample code
Create user Model under Models folder.

Update MobileDbContext class for UserModel.

Add UserModel table under database using migration commands shown below.

Append dummy data for username and password.

Create Account controller shown below. SignIn here accept Claims principle which I have created in Login Post action. Claims is nothing but Identity (like Pan card, driving license, …etc)

  Create login view for Account controller.

  Update below highlighted code in startup.cs file

Add Authentication pipeline in configure method of Startup.cs file.

Add Authorize attribute for both controller shown below.

Run application and check browser window, you will redirect to login page.

After successful login you will get redirected to Brand page.

In this article I have shown you simple implementation of Authentication and Authorization using Cookie with Claims principle. In next article I will revert back all changes done in this article and implement Identity API which already provide lot of inbuild functionality for Authentication and Authorization.