Security

Web application security is the process of protecting websites and online services against different security threats that exploit vulnerabilities in an application’s code.

Authentication and authorization are two related terms that are often used interchangeably, but they mean different things and serve very different functions within a system.

Authentication is the act of validating that users are who they claim to be.

Authorization is the process of giving a user permission to access specific resource(s) or function(s).


Figure 5-1. Authentication and Authorization.

# Securing web APIs

On the server side, securing a web API starts with setting up authentication in ASP.NET Core; see ASP.NET Core Authentication.

ASP.NET Core Identity allows you to secure web APIs and SPAs; use one of the following:


Figure 5-2. Token-based authentication for Web APIs.
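
The authentication/authorization distinction above, shown on a token-protected ASP.NET Core minimal API. This is an added example, not code from the original page; the issuer, audience, `permission` claim, policy name, routes and the `Jwt:SigningKey` configuration key are assumptions, and it needs the Microsoft.AspNetCore.Authentication.JwtBearer package.

```csharp
// Added example: bearer-token authentication plus policy-based authorization.
// Assumes a .NET 6+ web project (implicit usings) with the JwtBearer NuGet package.
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumption: the signing key comes from configuration (user secrets, environment), never source.
var signingKey = builder.Configuration["Jwt:SigningKey"]
    ?? throw new InvalidOperationException("Jwt:SigningKey is not configured.");

// Authentication: validate that the caller is who the token says they are.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = "https://issuer.example",   // hypothetical issuer
            ValidateAudience = true,
            ValidAudience = "orders-api",             // hypothetical audience
            ValidateLifetime = true,                  // reject expired tokens
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey)),
            ClockSkew = TimeSpan.FromSeconds(30)      // tighter than the 5-minute default
        };
    });

// Authorization: decide what an already authenticated caller may access.
builder.Services.AddAuthorization(options =>
    options.AddPolicy("CanReadOrders", policy =>
        policy.RequireClaim("permission", "orders:read")));   // hypothetical claim

var app = builder.Build();

app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();

app.MapGet("/health", () => "ok");   // anonymous endpoint

// Missing, expired or badly signed token -> 401 Unauthorized.
app.MapGet("/me", (ClaimsPrincipal user) => user.Identity?.Name ?? "(no name claim)")
   .RequireAuthorization();

// Valid token that lacks the required claim -> 403 Forbidden.
app.MapGet("/orders", () => new[] { "order-1001", "order-1002" })   // constructed sample data
   .RequireAuthorization("CanReadOrders");

app.Run();
```

A 401 response means authentication failed, while a 403 means the caller was authenticated but not authorized for that endpoint.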