.NET 核心 Web API 身份验证和 .NET 身份

Question

I recently took over a .NET core MVC project and have to extend it with an API. For authentication .NET core Identity is used. Coming from swift iOS/Mac development i started a demo project getting into it and doing some basic authentication.

When reading up on the identity on Microsofts Docs they foucs on WebApps. So my questions are:

• Should i use identity for API authentication or is it just for internal identity Management and WebApp stuff?
• Does identity/.NET core already offer me jwt and eg basic auth to initially obtain the jwt or do i have to create a lot myself?

My Goal rn is to just create jwt-auth protected routes and to be able to get a jwt with a username and a password.

Answer 1

ASP.NET Core Identity isn't suitable for guarding APIs, usage of other identity providers is directed by the Docs :

ASP.NET Core Identity adds user interface (UI) login functionality to ASP.NET Core web apps. To secure web APIs and SPAs, use one of the following :

• Azure Active Directory
• Azure Active Directory B2C (Azure AD B2C)
• IdentityServer4

and as per the previous link:

IdentityServer4 is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. IdentityServer4 enables the following security features:

• Authentication as a Service (AaaS)
• Single sign-on/off (SSO) over multiple application types
• Access control for APIs
• Federation Gateway

So you will need to go with IdentityServer4

Answer 2

You should use identity server4 for this.

Refer a simple example of identity server 4 to protect client with token.

identity-server4 simple example

There are a lot more things you will have to understand refer identity server 4 official doc .

Moreover you can also follow step by step identity server setup video tutorial .