Implement Identity-based Authentication and Authorization in Minimal APIs in ASP.NET Core

Minimal APIs in ASP.NET Core allow us to build lightweight APIs with minimal dependencies. However, often we will still need authentication and authorization in our minimal APIs.

Minimal APIs in ASP.NET Core offer a lightweight approach to building APIs with minimal dependencies. However, many scenarios still require authentication and authorization in these minimal APIs. ASP.NET Core provides several options for achieving this, including basic authentication, token-based authentication, and identity-based authentication.

We've covered implementing basic authentication in minimal APIs and JWT token-based authentication in minimal APIs. Now, let's explore how to implement identity-based authentication for minimal APIs in ASP.NET Core.

To follow along with the code examples in this article, ensure you have Visual Studio 2022 installed on your system. If you don't have a copy, you can download Visual Studio 2022 here.

Creating an ASP.NET Core Web API Project in Visual Studio 2022

To create an ASP.NET Core Web API project in Visual Studio 2022, follow these steps:

We'll use this ASP.NET Core Web API project to work with the code examples given in the sections below.

Identity Management in ASP.NET Core

ASP.NET Core includes a powerful feature called identity management, which has been enhanced in .NET 8. The built-in Identity framework in ASP.NET Core provides the necessary middleware to implement authentication, user management, and role-based authorization, making it easier to implement robust and secure authentication mechanisms in your application.

ASP.NET Core's Identity framework is extensible and customizable, supporting the following key features:

Creating a Minimal API in ASP.NET Core

In the Web API project we created above, replace the generated code with the following code to create a basic minimal API.

When you run the application, the text "Hello World!" will be displayed in your web browser. We'll use this endpoint later in this article.

Installing NuGet Packages

To add support for the built-in Identity framework in ASP.NET Core, select the project in the Solution Explorer window, then right-click and select "Manage NuGet Packages." In the NuGet Package Manager window, search for the Microsoft.AspNetCore.Identity.EntityFrameworkCore, Microsoft.EntityFrameworkCore.SqlServer, and Microsoft.EntityFrameworkCore.Design packages and install them.

Alternatively, you can install the packages via the NuGet Package Manager console by entering the commands listed below.

Creating a New DbContext in EF Core

We'll be using Entity Framework Core in this example. The DbContext is an integral component of EF Core that represents a connection session with the database. Next, create a custom DbContext class by extending the IdentityDbContext class as shown in the code snippet given below.

You should register the custom DbContext class by including the following line of code in the Program.cs file.

Enabling Authentication and Authorization in ASP.NET Core

Authentication is the process of determining who the user is and validating the user's identity. You can enable authentication in a minimal API in ASP.NET Core by using the AddAuthentication() method as shown in the code snippet given below.

We use authorization to restrict access to certain resources in an application. You can enable authorization in your minimal API by using the following code.

The AddAuthorization method is used to register authorization services with the services container so that you can define rules for enabling or disabling access to resources of the application if needed.

Configuring Services and API Endpoints in ASP.NET Core

The next thing we need to do is configure the identity and EF Core services and the API endpoints. To do this, include the code listing given below in the Program.cs file.

The AddIdentityApiEndpoints() method in the preceding code snippet adds the necessary controllers and services for authentication and authorization (login, logout, registration, etc.). Note that this is a new method (introduced in .NET 8) used to configure Identity integration in an application. The AddIdentityApiEndpoints() method accepts an instance of type IdentityUser as a parameter, which is used to specify the type of user.

You can use the following piece of code to add authorization for the /helloworld endpoint.

Complete Program.cs File Source

The complete source code of the Program.cs file is given below for your reference.

The integrated identity management feature in ASP.NET Core is both powerful and easy to use. The improvements in .NET 8 have made Identity even more robust and flexible with an improved Identity API, which enables you to implement identity-based authentication and authorization more easily and efficiently with less code.

Next read this: