Overview of ASP Dot net Core Authentication

  1. What is the Authentication scheme?
  2. Practical Implementation of Authentication in .Net Core,
  3. Conclusion

What is Authentication?

Authentication is the process of validating whether the person or the entity who they claim to be is correct. It provides the control to validate the input credentials against the authentication server or database which is being used for storing the details.

What is the Authentication Scheme?

The authentication scheme is the bundle that consists of an authentication handler and options to configure the specified handler. Schemes are used to choose the authentication mechanism, challenge and forbid the behavior of a handler. A default authentication scheme is used until one is explicitly specified.

Practical Implementation of Authentication in .Net Core

In this section, let’s see in detail how to implement an Authentication mechanism in .Net Core-based API.

Step 1

Create a .Net Core-based web application project using the Microsoft visual studio IDE and provide the required path and name for the solution.

Step 2

Choose the ASP.Net core web application template as API and ensure it is pointed to .Net Core and the version is .Net Core 3.1.

Step 3

On creating the project, the code structure of the project will look similar to the below image. Where a default weather forecast controller would be included as a part of the project.

Step 4

In this example, we are going to authenticate the JWT based bearer token. Let’s open the appsettings.json file that is present in the project and configure the required details for validating JWT. To validate a JWT, we need an Issuer, Audience, and a key to validate the issuer. The appsettings.json file by default comes with the logging settings. Along with that, we are going to add the settings for JWT.

Step 5

The next step is to validate the created configuration against the request data. The code to validate the request header with configuration will be done in the startup file. There is a ConfigureServices method present in the startup method, it is where the changes for validation have to be made.

Step 6

Now, in the weatherforecast controller, create a method that generates a token to validate it against the code which has been implemented. The method creates the bearer token with the same issuer, audience, and key to validate the user.

Step 7

Open the postman tool and call the endpoint https://localhost:44394/weatherforecast/token. Check whether you are able to see the bearer token in the response.

Step 8

Now, let’s try to hit the default endpoint that comes with the API code and see how the response looks. Note — Do not add the authorize shorthand to the method.

Step 9

Let’s add the Authorize shorthand

Step 10

Call the same endpoint from the postman again. Do you see the 401 unauthorized as the response in the response section?

Step 11

Let’s make a success call by getting the bearer token and then make the call to the get method by passing the bearer token in the Authorization header of the get request.


Securing the features in an application is as important as implementing the features in the application. Authorization plays a key role in securing the endpoints and provides valuable features to the user along with security.

We are the technical partner for your online platform and the best employer for web development professionals. Want to know more about ParTech? Partech.nl/nl

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store