Authentication Methods in ASP.NET

Question 1

What are the most common methods of authentication?

Answer 1

Cookie-based
Token-based
Third-party (OAuth, API-token)

Also OpenID, Security Assertion Markup Language)

Question 2

What is cookie-based authentiation?

Answer 2

Authentication users by storing details in browser cookies.

Question 3

What is token-based authentication?

Answer 3

Server generates a token which is stored on client and sent with each request.

Commonly used for API’s

Question 4

What is OAuth?

Answer 4

A user can sign in on one website and be authorised to perform actions on another.

Question 5

What are the two OAuth Flows?

Answer 5

• Authorisation Code Flow
• Implicit

Question 6

When is the Authorization Code Flow used?

Answer 6

Web application that can store a client secret

Question 7

When is the Implicit Flow used?

Answer 7

Web application that can not store a client secret

Question 8

Which Authentication Flow is more secure?

Answer 8

Authorisation

Question 9

Describe the Authorisation Code Flow?

Answer 9

1. **Client **requests Authorisation Code from Authorisation Server.
2. Authorisation Server authenticates Client and asks User to grant permission to Client.
3. User grants permission to Client.
4. Authorisation Server sends Authorisation Code to Client.
5. **Client **requests Access Token from Authorisation Server in exchange for Authorisation Code.
6. Authorisation Server verifies Authorisation Code and sends Access Token to the client.

Question 10

Describe the Implicit Code Flow?

Answer 10

1. Client sends request for Authorisation Server to obtain an Access Token.
2. **Authorisation Server **authenticates the Client and asks the User to grant permission to the Client.
3. The User grants permission to the Client.
4. The **Authorisation Server **sends an Access Token to the Client.

Question 11

What two main types of Authentication do you use in ASP.NET Core?

Answer 11

• Cookies
• JWT

Question 12

What is the main difference between Cookie and JWT authentication in ASP.NET?

Answer 12

• Cookies small text files stored client-side
• JWT self-contained and signed. More secure as no information client-side

Question 13

How do you implement Cookie Authentication in ASP.NET?

Answer 13

In startup.cs ConfigureServices

services.AddAuthentication(…).AddCookie(…)

Question 14

How do you implement JWT Authentication in ASP.NET?

Answer 14

In startup.cs ConfigureServices

services.AddAuthentication(…).AddJwtBearer(…)

Question 15

Which validation parameters do you need to set with JWT Authentication?

Answer 15

• Issuer
• Audience
• Signing Key

Question 16

How can you add a users Role to a Jwt?

Answer 16

Using Claim class

Create a list and add

new Claim(ClaimTypes.[Name/Role etc…], “Item”)