Now let's look at the case of microservices. By nature, microservices are distributed systems. There is not a single instance of an application, rather, there are several distinct applications that coordinate with each other in harmony to produce the desired output.
Security in microservices
Why traditional .NET auth mechanism won't work?
One of the possible approaches for microservice security might be this: we mimic the same behavior as that of the auth layer in a monolith. This could be depicted as follows:
In this approach, we distributed the auth layer and provided it to all the microservices. Since each one is a different application, it will need its own auth mechanism. This inherently means that the user credential store is also different...