At the start of this chapter, we introduced the concepts of authentication and authorization, acknowledging the fact that most applications, including ours, do require a mechanism to properly handle authenticated and non-authenticated clients, as well as authorized and unauthorized requests.

We took some time to properly understand the similarities and differences between authentication and authorization, as well as the pros and cons of handling these tasks using our own internal provider or delegating them to third-party providers such as Google, Facebook, and Twitter. We also found out that, luckily enough, the AspNetCore.Identity framework can be configured to achieve the best of both worlds. To be able to use it we added the required ...