ASP.NET Core Security, Part 1
To start my series on ASP.NET Core security, I'll show how to set up authentication to register, log in and log out a user account in an ASP.NET Core MVC application. To get started, open Visual Studio 2017 and create a new ASP.NET Core Web Application as seen in Figure 1.
Next click on the Change Authentication button on the next dialog as seen in Figure 2.
Then change the authentication type to "Individual User Accounts" as seen in Figure 3.
Next click the OK button to create the new ASP.NET Core Web Application as seen in Figure 4.
Next we are going to create the database for our application. Go to Tools |NuGet Package Manager | Package Manager Console as seen in Figure 5.
Then run the "Update-Database" command in the console.
Your app is now configured to allow a user to register a user, log in an existing user and log out an existing user. To test this functionality, first register a new user by clicking on the Register link as seen in Figure 6.
Once you click on the Register link you should see the User Registration page as seen in Figure 7.
After you register a user you'll see that you're automatically logged in as seen in Figure 8.
Now you can test out logging out a user by clicking on the Logout link in Figure 8. Lastly, test out the Login functionality by clicking on the Login link from Figure 7. You should now see the Login form as seen in Figure 9.
In this intro to the ASP.NET Core security series, I've shown you how easy it is to use the built-in authentication provider in ASP.NET Core. Stay tuned for the next installment where I'll show you how to put pages behind log in and create user roles, and use existing roles to restrict access to pages.
Eric Vogel is a Senior Software Developer for Red Cedar Solutions Group in Okemos, Michigan. He is the president of the Greater Lansing User Group for .NET. Eric enjoys learning about software architecture and craftsmanship, and is always looking for ways to create more robust and testable applications. Contact him at firstname.lastname@example.org.