How Does Authentication Work? (5:04) with James Churchill
Let's take a look at how authentication works and how we can combine key-based authentication and HTTP cookies to leverage a tried-and-true approach for implementing user authentication.
Authentication Handshake Options
Key-based authentication isn't the only authentication handshake option that's available.
Millions of users are now interacting with each other using social media services like Facebook and Twitter. Instead of asking users to create yet-another-profile, we can use Facebook and Twitter (and others) to authenticate users.
The benefits of this approach include:
- Increases the likelihood that users will use your web app
- Users don't have to remember another set of credentials
- Relieves you of the responsibility of protecting a user's credentials
Single Sign-On (SSO)
Typically used by enterprises or medium to large companies, SSO lets users sign on once using their company credentials. These credentials are automatically passed to each authorized application so that users get access to a suite of applications without having to sign on to each individually.
For more information about authentication handshake options, see Treehouse's Introduction to Application Security course.
Cookies vs Tokens
Cookies are often compared to tokens, but this is like comparing apples to oranges.
ASP.NET Identity embraces this idea of separation between state and state persistence. When using Identity, state is represented by a token. The token format is proprietary but can be customized. State persistence can be done via cookies or headers, allowing you as the developer to choose whichever is most appropriate for your application.
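A sketch of that separation, added here as an illustration and not taken from the course or from ASP.NET Identity: it is written in Python, and a simple HMAC-signed string stands in for Identity's proprietary token format. The cookie name `auth`, the key and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import time
from http.cookies import SimpleCookie


# Constructed demo key; a real application loads its key from protected configuration.
KEY = b"constructed-demo-key-not-for-production"


def _sign(payload: str) -> str:
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id: str, expires_at: int) -> str:
    """State: who the user is and until when, plus a signature over both."""
    payload = f"{user_id}|{expires_at}".encode().hex()
    return f"{payload}.{_sign(payload)}"


def validate_token(token, now):
    """Return the user id, or None if the token is missing, tampered with or expired."""
    payload, _, signature = (token or "").partition(".")
    # Constant-time signature check before the payload is trusted.
    if not hmac.compare_digest(_sign(payload).encode(), signature.encode()):
        return None
    user_id, _, expires_at = bytes.fromhex(payload).decode().rpartition("|")
    return user_id if now < int(expires_at) else None


def extract_token(headers):
    """State persistence: read the same token from a header or from a cookie."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):]
    cookie = SimpleCookie(headers.get("Cookie", ""))
    return cookie["auth"].value if "auth" in cookie else None


def authenticate(headers, now=None):
    """Validation is identical whichever transport carried the token."""
    return validate_token(extract_token(headers), int(time.time()) if now is None else now)


if __name__ == "__main__":
    token = issue_token("user-42", int(time.time()) + 1200)
    # Constructed requests: one token, two persistence mechanisms.
    print(authenticate({"Cookie": f"theme=dark; auth={token}"}))
    print(authenticate({"Authorization": f"Bearer {token}"}))
```

Only `extract_token` differs between the two transports. A browser attaches cookies automatically, so cookie persistence also needs the Secure, HttpOnly and SameSite attributes plus CSRF protection, whereas a header has to be set by client code.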