Syllabus

ASP.NET Core Complete Tutorial (ShopNest)

Module 1: Foundations
What is ASP.NET Core? Complete Guide Setting Up ASP.NET Core Development Environment ASP.NET Core Project Structure Explained MVC Architecture in ASP.NET Core — Complete Guide Controllers and Actions in ASP.NET Core Routing in ASP.NET Core — Conventional and Attribute Routing Views and Razor Syntax in ASP.NET Core Layouts, Partial Views and View Components Models and ViewModels in ASP.NET Core Forms, Model Binding and Validation in ASP.NET Core Tag Helpers in ASP.NET Core — Complete Guide Static Files, Bundling and Minification in ASP.NET Core
Module 2: Entity Framework Core
Entity Framework Core — Introduction and Setup EF Core Code First — Models, Migrations, Database EF Core CRUD Operations — Create, Read, Update, Delete EF Core LINQ Queries — Beginner to Advanced EF Core Relationships — One-to-One, One-to-Many, Many-to-Many EF Core Fluent API — Advanced Configuration EF Core Repository Pattern and Unit of Work EF Core Performance Optimization Database First Approach with EF Core (Scaffold) EF Core with SQL Server — Advanced Features
Module 3: Dependency Injection & Middleware
Dependency Injection in ASP.NET Core — Complete Guide Middleware in ASP.NET Core — Complete Guide Configuration in ASP.NET Core — appsettings, Environment Variables, Secrets Filters in ASP.NET Core — Action, Authorization, Exception, Resource, Result Logging in ASP.NET Core — ILogger, Serilog, NLog Error Handling and Exception Management in ASP.NET Core
Module 4: Authentication & Security
ASP.NET Core Identity — Complete Setup Guide Authentication in ASP.NET Core — Cookie and JWT Authorization in ASP.NET Core — Roles, Policies, Claims JWT Authentication with Refresh Tokens — Complete Implementation OAuth2 and External Login (Google, Facebook, Microsoft) Data Protection and Encryption in ASP.NET Core HTTPS, SSL Certificates and Security Best Practices
Module 5: Web API
Building REST APIs with ASP.NET Core — Complete Guide API Versioning in ASP.NET Core Swagger / OpenAPI Documentation in ASP.NET Core Input Validation in Web APIs — FluentValidation and Data Annotations Pagination, Filtering and Sorting in ASP.NET Core APIs HTTP Client and Consuming External APIs in ASP.NET Core Minimal APIs in ASP.NET Core .NET 8 SignalR — Real-Time Web Applications
Module 6: Advanced Architecture
Clean Architecture in ASP.NET Core CQRS Pattern with MediatR in ASP.NET Core Repository Pattern — Deep Dive with Generic Repository Background Services and Hosted Services in ASP.NET Core Caching in ASP.NET Core — In-Memory, Distributed, Redis Health Checks in ASP.NET Core AutoMapper in ASP.NET Core Microservices with ASP.NET Core — Introduction Message Queues with RabbitMQ / Azure Service Bus in ASP.NET Core gRPC with ASP.NET Core
Module 7: Testing
Unit Testing ASP.NET Core with xUnit and Moq Integration Testing in ASP.NET Core Testing EF Core — In-Memory vs SQLite Performance Testing and Load Testing ASP.NET Core APIs Test-Driven Development (TDD) in ASP.NET Core
Module 8: Deployment & DevOps
Deploying ASP.NET Core to IIS on Windows Server Docker and Containerization for ASP.NET Core Deploying ASP.NET Core to Azure App Service CI/CD with GitHub Actions for ASP.NET Core Azure SQL Database with ASP.NET Core Environment Configuration and Secrets Management
Module 9: Real-World Projects
Build a Complete Blog Website with ASP.NET Core MVC Build an E-Commerce Product Catalog API (ASP.NET Core Web API) Build a Student Management System (Complete CRUD App) Build a Job Portal (Full Stack ASP.NET Core) Build a REST API with Clean Architecture — Complete Guide Build a Real-Time Chat App with SignalR and ASP.NET Core
Module 10: Advanced Topics
Blazor WebAssembly and Blazor Server — Complete Guide gRPC, GraphQL and Alternative API Styles in ASP.NET Core Rate Limiting and API Throttling in ASP.NET Core .NET 8 Output Caching in ASP.NET Core .NET 8 ASP.NET Core .NET 9 New Features — Complete Guide
ASP.NET Core Complete Tutorial (ShopNest)
Lesson 30 of 75 40% of course

Authentication in ASP.NET Core — Cookie and JWT

1 · 5 min · 5/24/2026

Learn Authentication in ASP.NET Core — Cookie and JWT in our free ASP.NET Core Complete Tutorial (ShopNest) series. Step-by-step explanations, examples, and interview tips on Toolliyo Academy.

Sign in to track progress and bookmarks.

Authentication in ASP.NET Core — Cookie and JWT — ShopNest
Article 30 of 75 · Module 4: Authentication & Security · ShopNest SaaS Login System
Target keyword: authentication asp.net core jwt · Read time: ~31 min · .NET: 8 / 9 · Project: ShopNest SaaS Login System

Introduction

Authentication answers "who are you?" — Authorization (Article 31) answers "what can you do?". ShopNest SaaS uses cookie auth for the web app and JWT for mobile/API clients.

After this article you will

  • Distinguish authentication from authorization clearly
  • Configure cookie auth with sliding expiration
  • Generate and validate JWT tokens
  • Understand ClaimsPrincipal and [Authorize]
  • Configure security headers (HSTS, X-Frame-Options)

Prerequisites

Concept deep-dive

AuthenticationAuthorization
QuestionWho is this user?Can they access this resource?
ShopNest exampleLogin form / JWT[Authorize(Roles="Admin")]

JWT structure

header.payload.signature — payload contains claims (sub, email, roles); signature verified with secret key.

builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie()
.AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        ValidIssuer = config["Jwt:Issuer"],
        ValidAudience = config["Jwt:Audience"],
        IssuerSigningKey = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes(config["Jwt:Key"]!))
    };
});

Claims: User.FindFirst(ClaimTypes.Email)?.Value — identity is ClaimsPrincipal.

Security headers: app.UseHsts(), UseXContentTypeOptions, frame options via middleware.

Hands-on — ShopNest SaaS Login System

  1. Cookie auth for MVC storefront (Identity from Article 29).
  2. JwtTokenService generates token on /api/auth/login.
  3. API ProductsController with [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)].
  4. Remember me: cookie IsPersistent = true with longer ExpireTimeSpan.

Common errors & best practices

  • JWT secret in appsettings committed to Git — use User Secrets / Key Vault.
  • Confusing 401 vs 403 — 401 not authenticated; 403 authenticated but denied.
  • Not validating issuer/audience — tokens from other apps accepted.

Interview questions

Q: Cookie vs JWT?
A: Cookie for browser same-site sessions; JWT for SPA/mobile stateless APIs.

Q: What is a claim?
A: Key-value pair in token/cookie representing user facts (name, role, permission).

Q: Sliding expiration?
A: Cookie lifetime extends on activity — user stays logged in while active.

Summary

  • Authentication establishes identity; authorization checks permissions
  • Cookies for ShopNest web; JWT for SaaS API clients
  • Validate JWT issuer, audience, lifetime, and signature
  • Security headers harden browser behavior

Previous: ASP.NET Core Identity
Next: Authorization — Roles, Policies, Claims

FAQ

Multiple auth schemes?

Specify scheme on [Authorize] or endpoint — Cookie default for MVC, JWT for /api.

SSO intro?

External IdP (Azure AD) issues tokens — OAuth/OIDC in Article 33.

Interview Q&A for this course

Test your knowledge

Quizzes linked to this course—pass to earn certificates.

SOLID Design Principles — Practice Quiz
Test your understanding of SOLID Design Principles Tutorial. Single responsibility, open/c…
Intermediate 15 min
SignalR Real-Time — Practice Quiz
Test your understanding of SignalR Real-Time Tutorial. WebSockets, hubs, and live updates …
Intermediate 15 min
Microservices with .NET — Practice Quiz
Test your understanding of Microservices with .NET. Distributed systems, APIs, messaging, …
Intermediate 15 min
LINQ — Practice Quiz
Test your understanding of LINQ Tutorial. Query in-memory and database data with fluent LI…
Intermediate 15 min
Entity Framework Core — Practice Quiz
Test your understanding of Entity Framework Core Tutorial. Modern ORM: Code First, migrati…
Intermediate 15 min
Design Patterns in C# — Practice Quiz
Test your understanding of Design Patterns in C#. Creational, structural, and behavioral p…
Intermediate 15 min
Browse all quizzes
Previous Next
ASP.NET Core Complete Tutorial (ShopNest)

On this page

Introduction After this article you will Prerequisites Concept deep-dive JWT structure Hands-on — ShopNest SaaS Login System Common errors & best practices Interview questions Summary FAQ Multiple auth schemes? SSO intro?
Module 1: Foundations
What is ASP.NET Core? Complete Guide Setting Up ASP.NET Core Development Environment ASP.NET Core Project Structure Explained MVC Architecture in ASP.NET Core — Complete Guide Controllers and Actions in ASP.NET Core Routing in ASP.NET Core — Conventional and Attribute Routing Views and Razor Syntax in ASP.NET Core Layouts, Partial Views and View Components Models and ViewModels in ASP.NET Core Forms, Model Binding and Validation in ASP.NET Core Tag Helpers in ASP.NET Core — Complete Guide Static Files, Bundling and Minification in ASP.NET Core
Module 2: Entity Framework Core
Entity Framework Core — Introduction and Setup EF Core Code First — Models, Migrations, Database EF Core CRUD Operations — Create, Read, Update, Delete EF Core LINQ Queries — Beginner to Advanced EF Core Relationships — One-to-One, One-to-Many, Many-to-Many EF Core Fluent API — Advanced Configuration EF Core Repository Pattern and Unit of Work EF Core Performance Optimization Database First Approach with EF Core (Scaffold) EF Core with SQL Server — Advanced Features
Module 3: Dependency Injection & Middleware
Dependency Injection in ASP.NET Core — Complete Guide Middleware in ASP.NET Core — Complete Guide Configuration in ASP.NET Core — appsettings, Environment Variables, Secrets Filters in ASP.NET Core — Action, Authorization, Exception, Resource, Result Logging in ASP.NET Core — ILogger, Serilog, NLog Error Handling and Exception Management in ASP.NET Core
Module 4: Authentication & Security
ASP.NET Core Identity — Complete Setup Guide Authentication in ASP.NET Core — Cookie and JWT Authorization in ASP.NET Core — Roles, Policies, Claims JWT Authentication with Refresh Tokens — Complete Implementation OAuth2 and External Login (Google, Facebook, Microsoft) Data Protection and Encryption in ASP.NET Core HTTPS, SSL Certificates and Security Best Practices
Module 5: Web API
Building REST APIs with ASP.NET Core — Complete Guide API Versioning in ASP.NET Core Swagger / OpenAPI Documentation in ASP.NET Core Input Validation in Web APIs — FluentValidation and Data Annotations Pagination, Filtering and Sorting in ASP.NET Core APIs HTTP Client and Consuming External APIs in ASP.NET Core Minimal APIs in ASP.NET Core .NET 8 SignalR — Real-Time Web Applications
Module 6: Advanced Architecture
Clean Architecture in ASP.NET Core CQRS Pattern with MediatR in ASP.NET Core Repository Pattern — Deep Dive with Generic Repository Background Services and Hosted Services in ASP.NET Core Caching in ASP.NET Core — In-Memory, Distributed, Redis Health Checks in ASP.NET Core AutoMapper in ASP.NET Core Microservices with ASP.NET Core — Introduction Message Queues with RabbitMQ / Azure Service Bus in ASP.NET Core gRPC with ASP.NET Core
Module 7: Testing
Unit Testing ASP.NET Core with xUnit and Moq Integration Testing in ASP.NET Core Testing EF Core — In-Memory vs SQLite Performance Testing and Load Testing ASP.NET Core APIs Test-Driven Development (TDD) in ASP.NET Core
Module 8: Deployment & DevOps
Deploying ASP.NET Core to IIS on Windows Server Docker and Containerization for ASP.NET Core Deploying ASP.NET Core to Azure App Service CI/CD with GitHub Actions for ASP.NET Core Azure SQL Database with ASP.NET Core Environment Configuration and Secrets Management
Module 9: Real-World Projects
Build a Complete Blog Website with ASP.NET Core MVC Build an E-Commerce Product Catalog API (ASP.NET Core Web API) Build a Student Management System (Complete CRUD App) Build a Job Portal (Full Stack ASP.NET Core) Build a REST API with Clean Architecture — Complete Guide Build a Real-Time Chat App with SignalR and ASP.NET Core
Module 10: Advanced Topics
Blazor WebAssembly and Blazor Server — Complete Guide gRPC, GraphQL and Alternative API Styles in ASP.NET Core Rate Limiting and API Throttling in ASP.NET Core .NET 8 Output Caching in ASP.NET Core .NET 8 ASP.NET Core .NET 9 New Features — Complete Guide