In this chapter, you've learned how to add a security layer to your backend server, which allows you to authenticate users and authorize their actions. Application security is a big and important topic, which, if done incorrectly, can expose your application data and your users' privacy to attacks and leakage. Authentication and authorization can help you make sure that users can only do what you have approved. ASP.NET Core provides the identity infrastructure, which takes advantage of the EF Core DbContext and adds necessary entities to your data model. After you enabled the identity infrastructure, I showed you how to add authentication and generate a JWT that holds the user's claims. Afterwards, you saw how to use these claims to create authorization rules and policies. Our journey to secure the backend is not complete yet. In Chapter 14, Moving Your Solution to the Cloud, I'll teach you how to add more protection layers.

In the next chapter, we'll take a break from adding features to the application, and concentrate on ways in which we can improve application maintainability and development productivity with useful techniques for diagnosing, troubleshooting, and debugging application errors.