❔ AuthZ/AuthN with ASP.NET Minimal APIs
What's the correct way to do authz/authn with minimal APIs in asp.net? I'm doing both of those things based on the provided Authorization header, which is an API token of the format:
AuthZ will be treating the hashed ID like a username and the cryptographic portion like an auto-generated password to validate a user's identity.
AuthN will be simply validating that the (unhashed) ID matches the ID in the route the user is requesting.
What's the simplest (but still correct) way to do this? the article I read went wayyy over my head and looked designed for much more complicated solutions so maybe if someone else were to explain it I'd hopefully understand.
I'm unsure if it's just as simple as me implementing my own
AuthZ will be treating the hashed ID like a username and the cryptographic portion like an auto-generated password to validate a user's identity.
AuthN will be simply validating that the (unhashed) ID matches the ID in the route the user is requesting.
What's the simplest (but still correct) way to do this? the article I read went wayyy over my head and looked designed for much more complicated solutions so maybe if someone else were to explain it I'd hopefully understand.
I'm unsure if it's just as simple as me implementing my own
IAuthorizationServiceIAuthenticationService
