Authentication and Authorization in Practice – Chapter 1

Authentication and authorization are important concepts in any type of software development. Systems that communicate over a network need a mechanism to allow or deny access to protected resources.

Basic Authentication

Basic and Forms authentication approaches were sufficient when the Resource Owner (or User) wanted to access their own data on a remote server.

Diagram of four steps in HTTP basic authentication between client and server (docs.oracle.com)


JWT with ASP.NET Core – Users Data

In the previous post, we implemented a middleware to authenticate and authorize user requests. The token we receive with a user's request should include their identity, claims, and expiry date. But how do they get this token in the first place?


JWT with ASP.NET Core

JSON Web Tokens (JWTs) are a convenient way to do authentication and authorization on the server.

Some of the benefits of JWTs are:

  • They can be consumed by a wider range of clients: in fact, by any endpoint that understands HTTP (unlike cookies, which can be consumed mostly only by browsers).
  • You only query the database the first time, to retrieve them, and then you keep using them to authenticate as well as authorize the user.
  • You can ask third-party identity providers to authenticate your users on your behalf and assign tokens to them.

In a microservices architecture, you would probably have a separate authorization service using Identity Server or similar.

But .NET Core can efficiently handle this task as well.

Let’s explore that.


Magic of Polymorphism in Avoiding If conditions

You may have faced situations where you need to make a lot of decisions based on an unknown (runtime) situation. You might have used if-then-else or switch-case statements to implement the code.

Probably the worst thing about conditional statements is that they are difficult to maintain. For any future change, you have to come back and alter the code.

Objects or entities should be open for extension, but closed for modification.

Open-closed Principle

Conditional statements are easy to write because that's how our brains work, but they are often difficult to read, especially when there are many conditions or when they are nested.


JavaScript File Structure and Unification

In the Modularizing JavaScript Code post, I wrote about how to convert plain JavaScript code into modules (using the Revealing Module Pattern).

We used the Revealing Module Pattern, but in fact, there are several patterns for modularizing JS code.

File Structure

Modularizing can be done in a single JS file, but it's recommended to split each module into a separate file. Doing so allows better control over each module and makes it easier to work on a project as a team.


Modularizing JavaScript Code

Global Namespace Pollution

All JavaScript code can run inside the Global Execution Context. This means that if we define variables and functions at the global level, other code can access them, even if it lives in a different file.
