Introduction
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. With AWS Cloud, you can quickly deploy and scale applications in the Cloud and never worry about the underlying infrastructure and maintenance risks.
AWS supports development in almost all popular programming languages and provides libraries that help developers build applications which interact with and leverage its cloud services.
.NET developers can easily build and deploy .NET Core applications in AWS, for which AWS provides tools and libraries such as the AWS Toolkit and NuGet packages. AWS also provides an extension for Visual Studio through which we can connect to and work with AWS Cloud Services right from our development machines.
Managing User Identities and Authentication with AWS Cognito
Amazon Cognito provides authentication, authorization, and user management for web and mobile apps. Application users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple.
The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for the app users. Identity pools enable applications to grant users access to other AWS services. We can use identity pools and user pools separately or together based on the use case.
Authenticating ASP.NET Core Users – AWS Cognito with JSON Web Tokens (JWT)
Amazon Cognito can help manage user identities and also provides a simple framework to authenticate users based on clients and auth tokens. We can create clients, and each client can comply with the OAuth standard to generate and validate JWTs.
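As an added illustration (not code from the original article or from AWS), this is one way an ASP.NET Core API can validate access tokens issued by a Cognito user pool. The region, user pool ID, app client ID and the `/me` route are placeholders chosen for the example.

```csharp
// Program.cs for an ASP.NET Core minimal API with implicit usings enabled.
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer NuGet package.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
// Placeholders (assumptions): substitute your own region, pool ID and app client ID.
const string Region = "us-east-1";
const string UserPoolId = "us-east-1_EXAMPLE";
const string AppClientId = "example-app-client-id";
string issuer = $"https://cognito-idp.{Region}.amazonaws.com/{UserPoolId}";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // The pool's signing keys are discovered from the issuer's OpenID metadata.
        options.Authority = issuer;
        options.MapInboundClaims = false; // keep raw JWT claim names such as "sub"
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidIssuer = issuer,      // signature and issuer checks are on by default
            ValidateLifetime = true,   // reject expired tokens
            // Cognito access tokens carry "client_id" rather than "aud",
            // so the app client is checked by hand in OnTokenValidated.
            ValidateAudience = false
        };
        options.Events = new JwtBearerEvents
        {
            OnTokenValidated = context =>
            {
                var user = context.Principal!;
                bool isAccessToken = user.FindFirst("token_use")?.Value == "access";
                bool clientMatches = user.FindFirst("client_id")?.Value == AppClientId;
                if (!isAccessToken || !clientMatches)
                    context.Fail("Not an access token issued for this app client.");
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
// Protected endpoint: returns the caller's user pool subject identifier.
app.MapGet("/me", (ClaimsPrincipal user) => user.FindFirst("sub")?.Value ?? "").RequireAuthorization();
app.Run();
```

Without the `token_use` and `client_id` checks, the API would also accept ID tokens, or access tokens minted for a different app client in the same user pool.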
User Management in ASP.NET Core with AWS Cognito
AWS Cognito also provides useful SDKs and libraries to integrate and work with .NET applications. Developers can connect to Cognito programmatically, access user pools and identities, and create customized functionality for login, registration, profile updates and more.
Role-Based Access Control via AWS Cognito
With AWS Cognito, you can not only authenticate users but also create user roles and privileges. These roles can then be used to authorize users to access AWS resources from within the application. This is what we generally call “Role-Based Access Control”. In AWS Cognito, we use a combination of User Pools and Identity Pools to achieve this.
User Pools authenticate users, while Identity Pools assign users the roles and permissions they need to access resources. We demonstrate this using an ASP.NET Core application and JWTs.
Conclusion
AWS Cognito provides a simple, ready-to-use user identity management platform that can help application users integrate with AWS Cloud Services. Cognito provides both user authentication and authorization solutions for validation and access control. The above set of resources can help developers get started with developing and integrating their .NET applications with AWS Cognito in a simple way. For more details, you can check out the official AWS documentation for Cognito.