JSON Web Token is a security token which acts as a container for claims about the user, it can be transmitted easily between the Authorization server (Token Issuer), and the Resource server (Audience), the claims in JWT are encoded using JSON which make it easier to use especially in applications built using JavaScript. 

Developers can enforce Authentication middleware onto incoming requests by adding the AddAuthentication() middleware to the service pipeline. Apart from JWT Bearer authentication middleware which focuses on validating Jwt token header in incoming http requests and OpenId middlewares which validate Users and sets up Session Cookies in web applications

Improper Authentication and Session Management

Most web applications have an authentication module, and we should be careful when writing code for it. We could make mistakes like not removing the authentication cookies after a successful logout. This kind of mistake allows attackers to steal user credentials such as cookies and session values, and may result in attackers being able to access the complete application and cause major negative impacts.
 

.NET on Azure for Beginners
8 videos

.NET on Azure for Beginners will teach you the basics of Azure and how to leverage its services and features to build amazing cloud applications. You will learn how to deploy web apps, work with storage and data, authenticate and use Managed Identity, harness the power of containers, and even deploy with GitHub Actions. By the end of this series, you will have the skills and confidence to start developing your own .NET applications on Azure! 

In this section, I’m going to cover how you can use SignalR outside of a Hub. In most asp.net core applications, you will likely want to communicate with the connect clients from within your application but outside of a Hub. You can accomplish this by using the HubContext.

For example, an ASP.NET Core MVC Controller or any other class that is instantiated by ASP.NET Core’s Dependency Injection.

The HubContext allows you to send messages to your connected clients. It has many of the same features to communicate with clients as when you are inside of a Hub.  

• Easily simulate authentication and authorization using API keys and OAuth2
• Quickly generate JWT tokens for testing
• …and more!