In this chapter, you have learned how to secure ASP.NET Core 3 applications, including managing authentication and authorization for your application users.

You have added basic forms of authentication, and more advanced external provider authentication via Facebook, to the example application. This should give you some good ideas on how to approach these important topics in your own applications.

Furthermore, you have learned how to add standard reset password mechanisms, since users forget their passwords all the time and you need to respond to this type of request as securely as possible.

We have even talked about two-factor authentication, which can provide an even higher security level for critical applications.

At the end of the chapter, you also saw how to handle authorizations in multiple ways (basic, roles, policies), so that you can decide which approach is best suited to your specific use case.

In general, you have acquired the vital skills of being able to authenticate users for your application, and being able to authorize them to carry out assigned functions within the application.

In the next chapter, we will talk about the other different vulnerabilities you may have in developing ASP.NET Core 3 web applications.