Open abauzac opened 7 years ago
More resources: https://dev.to/samueleresca/developing-token-authentication-using-aspnet-core
As said, there is no native support for token generation in netcore. So the problem here is: should we use a third-party lib to handle this (like IdentityServer, suggested in the MSDN) or implement a token generator middleware as described in the article?
Based on some recommendations I got, we might use IdentityServer4 for authentication and JWT.
[ ] Use Asp Net Identity instead of Person model (in DomainObjects namespace). Note that using this, a lot of default properties will exist by default.
[ ] Store secret ( https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets )
[ ] Password encryption using Sha512 ( https://github.com/gothinkster/node-express-realworld-example-app/blob/master/models/User.js#L25 )
[ ] Register : POST /api/users
[ ] Register : POST /api/userslogin
[ ] Add [Authorize] and [AllowAnonymous] in controllers where needed
Some useful resources:
https://forums.asp.net/t/2110800.aspx?Identity+and+Jwt+How+does+it+all+fit+together+
https://identityserver4.readthedocs.io/en/release/quickstarts/6_aspnet_identity.html
If there is anything to add, do not hesitate ;)