A refreshing spin to Auth in ASP.NET Core 8


Written by Anders Marzi Tornblad

Let's dive into the sea of authentication, authorization, and identity management - collectively known as "auth". The ASP.NET Core team is making some significant enhancements to the .NET 8, with the aim of making our lives as developers easier, and our apps more secure and intuitive for our users.

Enabling auth in our ASP.NET Core applications has traditionally presented a trio of options: the ready-to-use ASP.NET Core Identity, the versatile Azure Active Directory (Azure AD), or a range of third-party solutions. However, for those of us developing Single Page Applications (SPAs), ASP.NET Core Identity had its limitations, notably the lack of built-in support for token-based auth.

The ASP.NET Core team has been listening to our feedback, and has been hard at work to make auth in ASP.NET Core 8 more flexible and streamlined. Let's take a look at some of the enhancements coming our way.

IdentityServer: Time for a Change

In .NET 8, the ASP.NET Core team will sever the tie between their SPA templates and Duende's IdentityServer. This change will offer us greater flexibility in choosing an identity management solution that aligns best with our app needs. But rest assured, IdentityServer isn't vanishing - it remains a sound option for Open ID Connect and OAuth 2.0 solutions.

Elevating Auth for Self-hosted Solutions

The team is making some solid strides for those who prefer to avoid the complexity of maintaining an OAuth/OpenID Connect server:

  1. The introduction of customization in SPAs: an enhancement to the existing cookie-based auth for a smoother user experience.
  2. The support for token-based auth: a welcome modernization for a more flexible and self-contained auth solution.

These updates, however, cater to solutions operating on a single domain without needing to authenticate to cloud resources or third-party APIs. For these more complex needs, Azure AD, IdentityServer, or other third-party solutions remain your best bet.

Simplified Learning and Discovery

Better, more intuitive documentation is also on the docket for .NET 8. Expect a single entry point to all auth-related resources, with a more scenario-based approach for clearer and more effective learning.

Wrapping up

The team is knee-deep in the process of fine-tuning these changes, and they are eager to hear our feedback. As they roll out, I recommend keeping an eye on the ASP.NET Core GitHub.

Remember, our voices shape the future of ASP.NET Core. So, until next time, stay curious, stay coding!