Authentication and Authorization Using ASP.NET Identity
We now have a web site where users can create, edit, and search for products and manage images. At the moment, though, anyone can just open the site and edit, create, and delete products and images. This chapter shows you how to add some authentication so users can log in and how to add authorization based on roles to determine what tasks users can perform. The code in this chapter uses Microsoft ASP.NET Identity v2 combined with SQL LocalDb. Throughout the code in this chapter, you will see references to OWIN, which stands for Open Web Interface for .NET. The idea behind OWIN is that it acts as a layer of abstraction between a web application and the hosting environment.