.NET Authentication Flashcards
Can you directly specify which authentication scheme to use where, when there are many?
First of all, you can specify the default scheme by passing a string to the AddAuthorization method.
In addition, authorization policies and authorization attributes support differentiation by scheme name. Just pass them the name of the scheme you want to use in a particular place.
How to add authentication middleware?
The Authentication middleware is added by calling UseAuthentication. Calling UseAuthentication registers the middleware that uses the previously registered authentication schemes. Call UseAuthentication before any middleware that depends on users being authenticated.
What is the product of authentication?
ClaimsPrincipal. It is then used in the authorization process to check access to resources.
What is the difference between Principal and Identity?
Principal is the security context that is used for authorization.
Identity is just a known set of information about some subject (e.g. a user).
A Principal can have multiple identities, which can mean different things. For example, you are logged in with two accounts simultaneously, or you logged in with user/password and with 2FA (a different identity).
All of this serves to separate information about the user from user permissions. For example, the user identity may be delivered from Google, while permissions are set inside your application.
In contrast, an Identity can also contain information about the role for differentiating permissions, but the Principal allows the separation of these concepts.
What is ClaimsPrincipal?
It’s an implementation of Principal. It may contain multiple Identities (in the form of ClaimsIdentity), but more often one is enough.
It has the primary Identity in the Identity property.
It has a Claims property, which contains all claims from all identities.
It has methods to find Claims by predicate or by type, to add/remove Identities, to set the delegate that determines the primary identity, and to check whether a claim with a specified type and value exists.