How to Secure a .NET Core App Using Identity Core?

The first thing that comes to mind when building an API is how to secure it. When you think of security, two words immediately spring to mind: authentication and authorization. Authentication is the process of determining whether or not a user is a valid member of the system. Authorization determines whether that member has the authority to carry out the requested action.


JWT and API security go hand in hand. JWT stands for JSON Web Token. It is used as an authentication or authorization token for your API.

It works like a gate pass: the API uses it to decide whether to open the gate for the user or keep them outside.

We can use the JWT token with our own custom authentication and authorization mechanism, or we can use Identity, which provides built-in functions for the general use case.

We will try to secure our application through .NET Identity.

ASP.NET Identity

First, create a new Web API project.

Add the following NuGet packages.

  • Microsoft.AspNetCore.Identity.EntityFrameworkCore
  • Microsoft.Extensions.Identity.Core
  • Microsoft.Extensions.Identity.Stores

We will be extending the Identity user with some custom properties.

Now we need to create the Identity tables in our database and create an Identity context.

We will also be renaming the Identity tables.

Now add the connection string to appsettings.json.

Now we need to register Identity in Program.cs.

Now run the migration with the following command:

add-migration Initial

Now update the database.


We now need to implement registration and login flow.

Let’s create a Registration flow first. Create a Register API.

I am using CQRS architecture, but you can design your API as you want.

Now create a static class with user roles. We will use this in the registration flow and also when creating claims during login.

Now we will create the user through the Identity UserManager if it does not already exist, and assign the role to it.

Now that our registration flow is complete, we need to create a login API for the login flow.

The login API will have one extra step, which is to create the claims after the user is authenticated.

Now we will use the Identity UserManager and RoleManager to check that the user is a valid user of the system, and create the claims according to the user's role.

After a successful login, we return the bearer token, which will be used to authenticate the user and to authorize access to the API being called.

Now create a test API to check that authentication and authorization are working.

The [Authorize] attribute will secure the API.

Now we need to add the authentication and authorization configuration to our Program.cs file, and we are good to go.
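
A minimal Program.cs covering both the Identity registration and the JWT bearer authentication and authorization configuration described above, as an added example that is not the original post's code. ApplicationUser, AppIdentityContext, the Jwt:Key/Issuer/Audience settings, the DefaultConnection connection string, SQL Server as the database, and the extra Microsoft.AspNetCore.Authentication.JwtBearer and Microsoft.EntityFrameworkCore.SqlServer packages are all assumptions.

```csharp
// Program.cs (added example; type names and configuration keys are assumed)
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
var jwt = builder.Configuration.GetSection("Jwt");
// Load the signing secret from configuration or a secret store, never from source.
// Use a long random value (32+ bytes) for HMAC-SHA256 signing.
var key = jwt["Key"] ?? throw new InvalidOperationException("Jwt:Key is not configured");

// Identity stores backed by EF Core; AddRoles registers RoleManager<IdentityRole>.
builder.Services.AddDbContext<AppIdentityContext>(o =>
    o.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddIdentityCore<ApplicationUser>()
    .AddRoles<IdentityRole>()
    .AddEntityFrameworkStores<AppIdentityContext>();

// Every bearer token must pass all four checks before [Authorize] lets a request in.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true, ValidIssuer = jwt["Issuer"],
        ValidateAudience = true, ValidAudience = jwt["Audience"],
        ValidateLifetime = true,
        ClockSkew = TimeSpan.FromSeconds(30), // default is 5 minutes of extra validity
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key))
    });
builder.Services.AddAuthorization();
builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication(); // must come before UseAuthorization
app.UseAuthorization();
app.MapControllers();
app.Run();

// Assumed Identity user with one custom property, and its EF Core context.
public class ApplicationUser : IdentityUser { public string? FullName { get; set; } }
public class AppIdentityContext : IdentityDbContext<ApplicationUser>
{
    public AppIdentityContext(DbContextOptions<AppIdentityContext> options) : base(options) { }
}
```

The issuer, audience and key used when the login API signs the token must match these validation values, otherwise every request to an [Authorize] endpoint returns 401.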
