Security is a critical aspect of all software development. Applications are vulnerable to bad actors and malicious software. Because web applications are reachable over the Internet, they are exposed to additional vulnerabilities that they should be hardened against.

OWASP Top 10

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.


Many security incidents are due to avoidable human error: flawed access control, authentication, or authorization, insecure design practices, security misconfigurations, insufficient deployment testing, poor security monitoring, and not keeping up with maintenance.

It is important for application developers to be aware of the ways in which an application is vulnerable and strive to develop apps that are robust to security failures.


In ASP.NET, the Microsoft.AspNetCore.Identity API supports login user interface (UI) functionality and manages users and authentication.

Authorization is handled by Microsoft.AspNetCore.Authorization.
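
The following Program.cs is an added example, not code from the original page, showing how the two APIs named above fit together: Identity handles sign-in with stricter password and lockout settings, and authorization denies every endpoint by default unless it is explicitly opened. The AppDbContext class, the "AdminOnly" policy name, the "Admin" role, the two routes and the in-memory database are assumptions made for illustration; the project is assumed to reference the Microsoft.AspNetCore.Identity.UI, Microsoft.AspNetCore.Identity.EntityFrameworkCore and Microsoft.EntityFrameworkCore.InMemory packages.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);

// Assumption: in-memory store for the demo; use a real database in production.
builder.Services.AddDbContext<AppDbContext>(o => o.UseInMemoryDatabase("demo"));

// Authentication and user management (Microsoft.AspNetCore.Identity).
builder.Services.AddDefaultIdentity<IdentityUser>(options =>
    {
        options.SignIn.RequireConfirmedAccount = true;      // no sign-in before confirmation
        options.Password.RequiredLength = 12;               // longer than the default of 6
        options.Lockout.MaxFailedAccessAttempts = 5;        // slow down password guessing
        options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
    })
    .AddRoles<IdentityRole>()
    .AddEntityFrameworkStores<AppDbContext>();

// Access control (Microsoft.AspNetCore.Authorization).
builder.Services.AddAuthorization(options =>
{
    // Deny by default: an endpoint with no authorization metadata
    // still requires an authenticated user.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.AddPolicy("AdminOnly", p => p.RequireRole("Admin")); // hypothetical policy
});
builder.Services.AddRazorPages(); // serves the Identity login UI

var app = builder.Build();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();
app.MapRazorPages();
app.MapGet("/health", () => "ok").AllowAnonymous();                    // explicitly public
app.MapGet("/admin/report", () => "report").RequireAuthorization("AdminOnly");
app.Run();

// Hypothetical EF Core context that stores the Identity users and roles.
public class AppDbContext : IdentityDbContext<IdentityUser>
{
    public AppDbContext(DbContextOptions<AppDbContext> options) : base(options) { }
}
```

With the fallback policy in place, forgetting to mark a new endpoint leaves it closed rather than open, which addresses the access control and misconfiguration errors described earlier.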