Identity, Authentication, and JWT Interview Questions
Q1. What is ASP.NET Core Identity?
Answer
ASP.NET Core Identity is a membership system that allows developers to manage users, passwords, roles, and claims. It provides features like user registration, login, and role management in ASP.NET Core applications.
Q2. What is Authentication in ASP.NET Core?
Answer
Authentication is the process of verifying a user's identity. In ASP.NET Core, authentication is implemented using middleware that inspects incoming requests and identifies users based on tokens, cookies, or other mechanisms.
Q3. What is Authorization in ASP.NET Core?
Answer
Authorization determines whether a user has access to a particular resource or functionality. ASP.NET Core supports role-based, policy-based, and claims-based authorization.
Q4. What is JWT in ASP.NET Core?
Answer
JWT (JSON Web Token) is a compact, URL-safe token format used for securely transmitting information between parties as a JSON object. It is commonly used for authorization and information exchange.
Q5. What is a Refresh Token?
Answer
A refresh token is a long-lived token used to obtain a new access token when the current access token expires. It lets access tokens stay short-lived (limiting the damage if one leaks) without asking the user for their credentials again.
Q6. What is a Claim in ASP.NET Core Identity?
Answer
A claim is a key-value pair that represents information about a user, such as their email, role, or permissions. Claims are used in identity and access management for fine-grained control.
Q7. How can you implement JWT Authentication in ASP.NET Core?
Answer
To implement JWT Authentication in ASP.NET Core:
1. Add the Microsoft.AspNetCore.Authentication.JwtBearer package.
2. Configure JWT authentication in `Startup.cs` or `Program.cs`.
3. Define token generation logic in your authentication service.
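A minimal `Program.cs` that carries out the three steps above, added here as an illustration rather than code from the original page. It assumes the `Microsoft.AspNetCore.Authentication.JwtBearer` package is referenced and that `Jwt:Issuer`, `Jwt:Audience` and `Jwt:Key` exist in configuration; `IssueAccessToken` is a hypothetical helper name.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumed configuration keys: Jwt:Issuer, Jwt:Audience and Jwt:Key (a random secret of 32+ bytes
// kept in user-secrets or a vault, never in source control).
var jwt = builder.Configuration.GetSection("Jwt");
var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwt["Key"]!));
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options => options.TokenValidationParameters = new TokenValidationParameters
    {
        // Keep every check on: disabling one lets a token with the wrong issuer, audience,
        // signature or expiry through. ClockSkew defaults to 5 minutes of tolerated drift.
        ValidateIssuer = true,           ValidIssuer = jwt["Issuer"],
        ValidateAudience = true,         ValidAudience = jwt["Audience"],
        ValidateLifetime = true,         ClockSkew = TimeSpan.FromSeconds(30),
        ValidateIssuerSigningKey = true, IssuerSigningKey = signingKey
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();   // must come before UseAuthorization and the endpoints
app.UseAuthorization();

// Token generation logic (step 3); the login handler, not shown, calls this only after the
// password check has succeeded. Access tokens are short-lived; a refresh token (Q16) renews them.
string IssueAccessToken(string userId, IEnumerable<string> roles)
{
    var claims = new List<Claim>
    {
        new(JwtRegisteredClaimNames.Sub, userId),
        new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()) // unique token id, enables revocation
    };
    claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
    var token = new JwtSecurityToken(jwt["Issuer"], jwt["Audience"], claims,
        expires: DateTime.UtcNow.AddMinutes(15),
        signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));
    return new JwtSecurityTokenHandler().WriteToken(token);
}
// Both endpoints require a valid bearer token; the second additionally requires the Admin role.
app.MapGet("/api/me", (ClaimsPrincipal user) => user.Claims.Select(c => new { c.Type, c.Value }))
   .RequireAuthorization();
app.MapGet("/api/admin", () => "admin area").RequireAuthorization(p => p.RequireRole("Admin"));
app.Run();
```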
Q8. How do you configure roles in ASP.NET Core Identity?
Answer
Roles can be configured in ASP.NET Core Identity by using the RoleManager class. Roles are stored in the database and assigned to users for access control.
Q9. How do you create a custom claim in ASP.NET Core?
Answer
Custom claims can be added by building a list of `Claim` objects and attaching them to a `ClaimsIdentity`. Example:

```csharp
using System.Security.Claims;

var claims = new List<Claim>
{
    new Claim(ClaimTypes.Name, "JohnDoe"),
    new Claim("Department", "IT")   // custom claim type
};
// Attach the claims to an identity; the authentication type marks it as authenticated
var identity = new ClaimsIdentity(claims, "Custom");
```
Q10. What is the difference between Authentication and Authorization?
Answer
Authentication verifies the identity of the user, while Authorization determines what resources the authenticated user can access.
Q11. What are Security Tokens in ASP.NET Core?
Answer
Security tokens are signed (and sometimes encrypted) data structures, such as JWTs, that a client presents to prove its identity when calling API endpoints. They carry claims that identify the user and define their permissions.
Q12. What is Cookie Authentication in ASP.NET Core?
Answer
Cookie authentication stores the user's identity in a cookie that is encrypted and signed with the ASP.NET Core Data Protection API, so the browser can neither read nor tamper with it. It is used for maintaining user sessions in web applications.
Q13. What is the purpose of `AddAuthentication()` in ASP.NET Core?
Answer
The `AddAuthentication()` method registers the services the authentication middleware relies on and defines the default authentication scheme, such as cookies or JWT bearer tokens.
Q14. How do you implement Policy-Based Authorization in ASP.NET Core?
Answer
Policy-based authorization is implemented by defining named policies (sets of requirements) with the `AddAuthorization` method and applying them to controllers or actions with `[Authorize(Policy = "PolicyName")]`.
Q15. What is the purpose of `UserManager` in ASP.NET Core Identity?
Answer
`UserManager` is a class used to manage user accounts, including creating, deleting, and updating user information in ASP.NET Core Identity.
Q16. How do you implement a Refresh Token in ASP.NET Core?
Answer
Implementing a Refresh Token involves:
1. Generating a Refresh Token during login.
2. Storing the Refresh Token securely.
3. Creating an endpoint to generate new access tokens using the Refresh Token.
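The three steps as a refresh token service, added here as an illustration and not code from the original page. `RefreshTokenRecord`, `RefreshTokenService` and the in-memory store are hypothetical; a real refresh endpoint would call `Rotate`, then mint a new access token the way the Q7 example does, and return both tokens to the client.

```csharp
using System.Security.Cryptography;
using System.Text;
// Hypothetical types, not from the page. Only the SHA-256 hash of a refresh token is persisted,
// so a copied table cannot be replayed against the refresh endpoint.
public sealed class RefreshTokenRecord
{
    public required string UserId { get; init; }
    public DateTime ExpiresUtc { get; init; }
    public DateTime? RevokedUtc { get; set; }
    public string? ReplacedByHash { get; set; }   // set on rotation; lets reuse of an old token be detected
}

public sealed class RefreshTokenService
{
    // Assumed store: an in-memory dictionary keyed by token hash stands in for the database table (step 2).
    private readonly Dictionary<string, RefreshTokenRecord> _store = new();
    private static readonly TimeSpan Lifetime = TimeSpan.FromDays(7);

    // Step 1: issue a 256-bit random opaque token at login; the client gets the raw value, the server keeps its hash.
    public string Issue(string userId)
    {
        var raw = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        _store[Hash(raw)] = new RefreshTokenRecord { UserId = userId, ExpiresUtc = DateTime.UtcNow + Lifetime };
        return raw;
    }

    // Step 3: called by the refresh endpoint. Returns the user id (to mint a new access token) plus a
    // rotated refresh token, and revokes the one just used. Null means reject the request.
    public (string UserId, string NewRefreshToken)? Rotate(string presented)
    {
        if (!_store.TryGetValue(Hash(presented), out var record)) return null;
        if (record.RevokedUtc is not null)
        {
            // A revoked token presented again means theft or replay: revoke every successor too.
            var h = record.ReplacedByHash;
            while (h is not null && _store.TryGetValue(h, out var next))
            {
                next.RevokedUtc ??= DateTime.UtcNow;
                h = next.ReplacedByHash;
            }
            return null;
        }
        if (record.ExpiresUtc <= DateTime.UtcNow) return null;
        var fresh = Issue(record.UserId);
        record.RevokedUtc = DateTime.UtcNow;
        record.ReplacedByHash = Hash(fresh);
        return (record.UserId, fresh);
    }

    private static string Hash(string value) => Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(value)));
}
```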
Q17. What is `SignInManager` in ASP.NET Core Identity?
Answer
`SignInManager` handles user sign-in operations, including password sign-in, two-factor authentication, and external logins.
Q18. What is `RoleManager` in ASP.NET Core Identity?
Answer
`RoleManager` is a class used to manage user roles, including creating, deleting, and assigning roles to users.
Q19. How do you hash passwords in ASP.NET Core Identity?
Answer
Passwords are hashed automatically using `PasswordHasher<TUser>` in ASP.NET Core Identity to ensure secure storage.
Q20. What is IdentityServer4?
Answer
IdentityServer4 is an open-source OpenID Connect and OAuth 2.0 framework for ASP.NET Core that helps secure web applications and APIs.
Q21. What is OAuth 2.0?
Answer
OAuth 2.0 is an open standard for access delegation that allows third-party services to request limited access to user accounts without exposing passwords.
Q22. What is OpenID Connect?
Answer
OpenID Connect is an identity layer built on top of OAuth 2.0 that allows clients to verify the identity of users based on authentication performed by an authorization server.
Q23. What is Two-Factor Authentication (2FA)?
Answer
Two-Factor Authentication adds an extra layer of security by requiring users to present two different kinds of evidence, such as a password plus a one-time code from an authenticator app, before accessing their account.
Q24. What is the purpose of `AddAuthorization()` in ASP.NET Core?
Answer
The `AddAuthorization()` method is used to configure authorization policies that control user access to application resources.
Q25. How do you secure API endpoints in ASP.NET Core?
Answer
API endpoints can be secured by adding the `[Authorize]` attribute to controller actions and implementing JWT or cookie authentication schemes.
Q26. What is the difference between `IUserStore` and `UserManager` in ASP.NET Core Identity?
Answer
`IUserStore` provides methods for managing user data in a data store, while `UserManager` offers higher-level APIs for managing user accounts.
Q27. What is `ClaimsPrincipal` in ASP.NET Core?
Answer
`ClaimsPrincipal` represents the current user's identity and contains claims that describe the user's roles and permissions.
Q28. How do you customize the `IdentityUser` class in ASP.NET Core Identity?
Answer
To customize the `IdentityUser` class, create a class that inherits from `IdentityUser` and add custom properties to it.
Q29. What is a Bearer Token in ASP.NET Core?
Answer
A Bearer Token is an access token sent in the `Authorization: Bearer <token>` HTTP header to authenticate API requests. Whoever holds (bears) the token can use it, so it must only be transmitted over HTTPS and kept short-lived.
Q30. What is the purpose of the `[AllowAnonymous]` attribute in ASP.NET Core?
Answer
The `[AllowAnonymous]` attribute allows access to specific controller actions or pages without requiring authentication.