Sometimes you want to have your application running on HTTPS even when testing it out locally. One common approach is to use a self-signed certificate, but this method has some pitfalls - most notably that any browser will frown upon your certificate and start shouting that it is insecure. A more robust approach is to use a certificate generated by a Certificate Authority (CA). How? Enter mkcert, which lets you act as your own CA.
This blog post describes how to implement token-based authentication and authorization using .NET Core 6.0.
The way this works is that when the user is authenticated, a token containing various claims will be stored in the user’s browser. This cookie will be used in subsequent requests, and the claims can be checked on different endpoints in order to provide authorization.
Now let’s get coding!
Inside Startup.cs, add the following to the ConfigureServices(IServiceCollection services) method: