Understanding identity services
In Chapter 5, Authentication and Authorization, you learned about security in the context of an ASP.NET Core MVC website. You saw an example of a local authentication database that a visitor could register with, and you then used it to authorize visitors identified as administrators to access protected areas of the website. But what if we don't want to authenticate using a local database?
Identity services are used to identify, authenticate, and authorize requests. It is important for these services to implement open standards so that you can integrate disparate systems. Common standards include OpenID Connect and OAuth 2.0.
Microsoft has no plans to officially support third-party authentication servers like IdentityServer4 because "creating and sustaining an authentication server is a full-time endeavor, and Microsoft already has a team and a product in that area, Azure Active Directory, which allows 500,000 objects for free."