Security: Authentication & Authorization
Implement JWT authentication, policy-based authorization, OAuth 2.0 / OIDC, and the new .NET 10 Identity API endpoints.
Part 1: JWT Bearer Authentication
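// Registers the JWT bearer scheme. Each Validate* flag is an independent check;
// a token that fails any one of them is rejected before the request reaches a handler.
builder.Services.AddAuthentication().AddJwtBearer(o => {
    o.TokenValidationParameters = new() {
        ValidateIssuer = true,
        ValidIssuer = config["Jwt:Issuer"],
        // ValidateAudience = true with no ValidAudience configured gives the handler
        // nothing to compare the token's "aud" against, so every token is rejected.
        // "Jwt:Audience" is a constructed key that follows the Jwt:Issuer pattern —
        // adjust it to the project's configuration.
        ValidateAudience = true,
        ValidAudience = config["Jwt:Audience"],
        // keyBytes is defined outside this snippet; it should come from configuration
        // or a secret store, never from source. ValidateIssuerSigningKey additionally
        // validates the key itself rather than only the signature.
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
        // Enforce exp/nbf explicitly so the intent is visible in the config
        // (the library default already allows a small clock skew).
        ValidateLifetime = true
    };
});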
Part 2: Policy-Based Authorization
// Defines the "AdminOnly" policy: both requirements must hold for the same principal.
// RequireRole checks the principal's role claim; which incoming token claim ends up there
// depends on the bearer handler's inbound claim mapping — confirm against the token issuer.
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("AdminOnly", policy =>
    {
        policy.RequireRole("Admin");
        // Claim type and value are matched as given here; the claim must be issued
        // by the trusted token issuer, not supplied by the client.
        policy.RequireClaim("department", "engineering");
    });
});
/// <summary>
/// Renders the admin dashboard view. The "AdminOnly" policy is evaluated by the
/// authorization middleware before this action body runs; the action itself does no checks.
/// </summary>
[Authorize(Policy = "AdminOnly")]
public IActionResult AdminDashboard()
{
    return View();
}
Part 3: Identity API Endpoints (.NET 10)
// One line gives you register/login/refresh endpoints.
// Requires the Identity services to be registered earlier (not shown in this snippet),
// and maps the endpoints at the application root — a route group (app.MapGroup(...))
// is the usual way to prefix them.
app.MapIdentityApi<ApplicationUser>();
// POST /register — create account. NOTE(review): this is open self-registration;
//                  decide whether it should be reachable in production deployments.
// POST /login — returns an access token. NOTE(review): by default this token comes from
//               Identity's own bearer scheme, not the JWT bearer scheme configured in
//               Part 1 — confirm which scheme the protected endpoints expect.
// POST /refresh — refresh token
// GET /confirmEmail — email confirmation
Part 4: OAuth 2.0 / OIDC with Microsoft Entra
// Sign-in via Microsoft Entra ID (OpenID Connect). All settings are read from the
// "AzureAd" configuration section; keep any client secret out of appsettings.json
// (user secrets or a key vault instead).
var azureAdSection = builder.Configuration.GetSection("AzureAd");
builder.Services
    .AddAuthentication()
    .AddMicrosoftIdentityWebApp(azureAdSection);
// appsettings.json
{
"AzureAd": {
"TenantId": "your-tenant-id",
"ClientId": "your-client-id"
}
}