Web applications that are accessible to the public internet are exposed to many types of attacks. It's almost every day that you hear about some sensitive information being leaked or a website that was not accessible due to cyber attacks. You should consider your application security a high priority, as you do not want to be on the list of insecure websites; otherwise, users will stay away from your site.

In this chapter, you'll learn the infrastructure that ASP.NET Core provides to secure your application and the means to authenticate and authorize your users so that they will be able to do only what you permit them to. You'll look at the following topics:

• Authentication and authorization
• Adding ASP.NET identity management
• Using JWT tokens
• Claim-based and role-based authorization
• Enabling Cross-Origin Resource Sharing