.Net Authentication

Question 1

Can you specify different schemes for different actions?

Answer 1

Yes. You can specify different default schemes to use for authenticate, challenge, and forbid actions.

Question 2

What is an authentication handler?

Answer 2

Is a type that implements the behavior of a scheme.

Is derived from IAuthenticationHandler or AuthenticationHandler<TOptions>.</TOptions>

Has the primary responsibility to authenticate users.

There is also more extended handlers like IAuthenticationSignOutHandler, IAuthenticationSignInHandler, IAuthenticationRequestHandler. They add SignOut, SignIn, HandleRequest actions for scheme.

Question 3

What authorization handler constructs when authorization is successful?

Answer 3

Construct an AuthenticationTicket object representing the user’s identity if authentication is successful.

Question 4

What authorization handler returns when authorization is not successful?

Answer 4

Return ‘no result’ or ‘failure’ if authentication is unsuccessful.

Question 5

What is RemoteAuthenticationHandler<TOptions>?</TOptions>

Answer 5

RemoteAuthenticationHandler<TOptions> is the class for authentication that requires a remote authentication step. When the remote authentication step is finished, the handler calls back to the CallbackPath set by the handler.</TOptions>

The handler finishes the authentication step using the information passed to the HandleRemoteAuthenticateAsync callback path. OAuth 2.0 and OIDC both use this pattern. JWT and cookies don’t since they can directly use the bearer token and cookie to authenticate.

That can be used for logging in with Google or Facebook, etc.