Question: What is Web API in ASP.NET?
|
Answer: ASP.NET Web API is an extensible, robust framework for developing HTTP-based APIs that can expose services as well as data.
A wide range of clients can access the APIs, including computers, browsers, mobile devices, etc.
Because it is an HTTP service, it can reach many clients. The data passed to the API from the client can be either XML or JSON,
and Web API automatically figures out which format it needs to deserialize based on the content type.
|
Question: What are Authentication and Authorization in ASP.NET?
|
Answer: Authentication and authorization are essential components of any web application, ensuring security and proper access control for users.
The authentication process verifies the identity of the user and ensures they are who they claim to be. This is done by presenting credentials, such as a username and password, to a trusted source and validating them.
Authorization in ASP.NET Core is controlled using the [Authorize] attribute. This attribute can be applied at the controller or action level to restrict access to specific components of the application.
|
Question: How are authentication and authorization handled in a normal ASP.NET app?
|
Answer: There are the following four ways:
• Windows authentication: Here ASP.NET web pages use local users and groups in Windows to authenticate and authorize access to resources.
• Forms authentication: This mode prompts the user for credentials, which are either stored as a cookie file on the client machine or sent through the URL in an encrypted manner with every request.
• Passport authentication: Here, when the user logs in with credentials, the request goes to the Microsoft Passport website, where authentication takes place. Following successful authentication, it returns a token to the website.
• Anonymous access: If one does not want any kind of authentication, one can use anonymous access.
|
Question: How is authentication/authorization implemented in ASP.NET Core or in Web APIs?
|
Answer: The authentication mechanism in ASP.NET Core involves authentication schemes, each of which represents a specific method or protocol for authenticating a user.
ASP.NET Core supports various authentication schemes out of the box, such as cookie authentication, JWT bearer authentication, and external authentication providers such as OAuth and OpenID Connect.
|
Question: How to secure APIs with JWT bearer authentication in ASP.NET Core?
|
Answer: To secure APIs, ASP.NET Core provides built-in support for JSON Web Tokens (JWT) and the JWT bearer authentication scheme.
JWTs are self-contained tokens that contain the required information about users and their permissions.
After validating the integrity and authenticity of a JWT, one can trust the claims that it contains and can authenticate the request.
A master page defines placeholders for its contents and those can be overridden by content pages.
Finally the output is rendered as a combination of the master page and the content page.
To enable JWT bearer authentication, one needs to configure the authentication scheme and provide the necessary options,
such as the token validation parameters and the issuer signing key.
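The configuration described above, as an added example that is not part of the original page. The `Jwt:Issuer`, `Jwt:Audience` and `Jwt:SigningKey` configuration keys and the two routes are hypothetical, and a symmetric HMAC key is assumed.

```csharp
// Program.cs for an ASP.NET Core app (added example; names below are illustrative).
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer NuGet package.
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumption: hypothetical "Jwt" section supplied by user-secrets, environment
// variables or a vault, never committed to source control.
var jwt = builder.Configuration.GetSection("Jwt");
var signingKey = jwt["SigningKey"]
    ?? throw new InvalidOperationException("Jwt:SigningKey is not configured.");

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Authenticity: only tokens minted by the expected issuer for this API.
            ValidateIssuer = true,
            ValidIssuer = jwt["Issuer"],
            ValidateAudience = true,
            ValidAudience = jwt["Audience"],
            // Reject expired tokens; tighten the default five-minute clock skew.
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30),
            // Integrity: the signature must verify against the issuer signing key.
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey)),
            // Pin the accepted algorithm so a token cannot choose a different one.
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();

// Hypothetical endpoints: one open, one requiring a valid bearer token.
// RequireAuthorization() is the endpoint equivalent of [Authorize] on a controller or action.
app.MapGet("/health", () => "ok").AllowAnonymous();
app.MapGet("/orders", () => new[] { "order-1" }).RequireAuthorization();

app.Run();
```

A request to the protected route without a valid `Authorization: Bearer <token>` header receives a 401 response.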
|