Why is it so hard to secure an API in .NET Core?

clinthulk2 — Tue, 28 Jul 2020 16:11:41 GMT

I just wanted to create a simple token authentication to secure my API but it's all so difficult. I shouldn't have to go through hours and hours of tutorials to add one of the most basic app requirements there is. The starter templates don't have auth if you're picking an API unless it's that azure thing. The SPA templates use OIDC in a mixture of MVC/SPA that's fairly complex. I don't want OIDC with Identity Server, and I don't want OAuth2.0.

I just want a simple JWT token that I can use with authentication and authorisation. There are no official guides to implement this with the JwtBearer provided by Microsoft just some made by the community, but those never follow the simplest case and always use IdentityServer or OAuth, Okta, etc.

I just want an API where I can send a username and password and it returns me a token which I use on subsequent requests by adding it to the header in the format of Authorization: Bearer (token) which let's me access secured endpoints with authentication and authorization. Can someone please help me with resources to accomplish this?

Re: Why is it so hard to secure an API in .NET Core?

Bram — Mon, 24 Jan 2022 10:55:11 GMT

I simply need a programming interface where I can send a username and passphrase and it returns me a token which I use on resulting requests by adding it to the header in the trust organization: carrier (token) we should access obtained. Better

topic Re: Why is it so hard to secure an API in .NET Core? in Integration and Testing

Why is it so hard to secure an API in .NET Core?

Re: Why is it so hard to secure an API in .NET Core?