These days web applications are vulnerable to various attacks so there is a need to secure your application so that unauthorized users are not able to access it. ASP.NET Core Security provides a various mechanism to secure you applications i.e. authentication, authorization, data protection, Secure Socket Layer (HTTPS), app secrets, etc. This series will try to cover security techniques in detail to make you aware of various ways available to secure your applications.

ASP.NET Core Security Techniques

There are many in-built as well as third party tools & libraries available which can be used in ASP.NET Core applications to implement security-related features like authentication, authorization, etc.

Authentication

There are applications that have user-specific data i.e. user’s stocks, bank balance, mails, etc and this data is confidential so it should not be viewable by other users. Authentication helps you in identifying the user’s identity i.e. which user is accessing your application. The user has to prove his/her identity by providing the credential i.e. user id/password and in some cases, there might additional security features like multi-factor authentication.

Authorization

Once the user is identified and able to access your application then the next step is to determine what actions the user is able to perform. A superuser might be able to create data and other normal users might be able to view data added by the superuser but not delete allowed to delete records. Now authentication & authorization are two different things but they go hand in hand.

Data Security

Data security is about securing confidential application data from unauthorized access. Data should be secure between server round trips Also, access to the database should be secured.

#programming #ap.net core security #asp.net core 3.1 #security