.NET

This blog post describes how to implement token-based authentication and authorization using .NET Core 6.0. The way this works is that when the user is authenticated, a token containing various claims will be stored in the user’s browser. This cookie will be used in subsequent requests, and the claims can be checked on different endpoints in order to provide authorization. Now let’s get coding! Inside Startup.cs, add the following to the ConfigureServices(IServiceCollection services) method:

A common requirement for most serious applications is to be able to produce audit logs: information about which user has accessed what information and when. In the .NET Core 5.0 API we are building right now, we decided to implement this functionality as a middleware that will automatically be executed upon every request to the API. We want to log the response actually sent back to the client, so it’s important that we put our new middleware first (or at least very early) in the HTTP request pipeline.