Confused about how to implement authentication in ASP.NET Core web API
I recently took on somewhat of a hobby project for a friend, mainly for learning purposes and to hopefully grow it into something that could end up becoming profitable. I've been a .NET developer for about a year now, but I'm still uncertain about how authenticating a web API is supposed to work. I've heard lots of terms like OAuth, Open ID, JWT, etc. thrown around, and each one of those topics is massive on its own, and I'm unsure which one(s) I need and where to start. Basically, this is the type of setup I'd like to have:
- A web API written using ASP.NET Core
- A web front-end using Vue.js
- A smartphone app (most likely Xamarin)
- The ability to create an account that will sign you in to either the website or the smartphone app
- My web API to only accept requests from devices (web or phone) that are signed in
From what I've been reading, I shouldn't be doing any of the authentication myself (is that what Open ID is for?), but how do I validate that my web API is getting a request from a legitimate account? (And how does that relate to JWT?) I'd just like to get a high-level overview of how I would connect all of these pieces to secure my web API. If I could just get pointed in the right direction of where to start with all of this, it would be greatly appreciated.