In my last video, I have discussed how to use JWT for authentication in ASP.NET Core application.
In this video, we will be using our own token generator. And hence our own custom authentication handler.
A custom authentication handler in ASP.NET Core needs to derive from AuthenticationHandler, is is a generic class. Where T is derived from AuthenticationSchemeOptions.
In this video, for simplicity, I have using a GUID for a token. But in real-life solutions, we will use encrypted values using a private key. So that it is more secure. Also, the token will have time to live. Just like the JWT Token creation process supports time to live.
In the example for keeping a track of the tokens, I have created a in-memory dictionary. But in real-life solution, it would be some sort of distributed cache like Redis as the web servers will be distributed across multiple containers. So keeping an in-memory cache will not work.
Blog url: https://dotnetcorecentral.com/blog/authentication-handler-in-asp-net-core/
Comments