5

I have the following code and i want to understand what is the difference between those two extension methods. What each one do?

services.AddAuthentication (JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer (options => options.TokenValidationParameters = new TokenValidationParameters {
                ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    ClockSkew = TimeSpan.Zero,
                    ValidIssuer = Issuer,
                    ValidAudience = Audience,
                    IssuerSigningKey = new SymmetricSecurityKey(secret)
            });

            services.AddAuthorization();

Thanks,

Dariusz Woźniak
  • 9,640
  • 6
  • 60
  • 73
hawks
  • 861
  • 1
  • 8
  • 20
  • 8
    One adds authentication. The other authorisation. One is who are you. The other is what can you do. Have you read https://learn.microsoft.com/en-us/aspnet/core/security/?view=aspnetcore-2.2#authentication-vs-authorization ? – mjwills Sep 19 '19 at 13:07
  • https://serverfault.com/a/57082 – nll_ptr Sep 19 '19 at 13:08
  • 1
    I think of authentication is when user send his credentials and you validate his credentials with the db and if all is correct you return a token to use for authorization. So my question how this mehtod adds authentication to my app? – hawks Sep 19 '19 at 13:21

1 Answers1

-7

If you know the differences between the terms, then maybe the best way to understand the differences between the methods is to look at the source code and see what services are registered.

AddAuthentication

AddAuthorization

LeBoucher
  • 412
  • 2
  • 8