
Authentication & Authorization
JWT tokens, cookie authentication, Identity, authorization policies, claims, role-based access
1. What is a JWT (JSON Web Token)?
Answer
A JWT is a self-contained token that encodes authentication information as digitally signed JSON. It consists of three parts separated by dots: a header (signing algorithm), a payload (data/claims), and a signature (used to verify the token's integrity). Unlike server-side sessions, a JWT is stateless and enables distributed authentication without server-side storage.
2. What is the fundamental difference between authentication and authorization?
Answer
Authentication verifies a user's identity (who the user is), while authorization determines permissions (what the user is allowed to do). Authentication always comes first, followed by authorization. For example, logging in with a password is authentication; checking whether that user may access an admin resource is authorization.
3. How does cookie authentication work in ASP.NET Core?
Answer
After validating the user's credentials, the server issues an encrypted cookie, which the browser stores automatically. The cookie contains the user's claims and is sent automatically with each request. The server decrypts the cookie to identify the user without a database query. This approach suits traditional web applications with server-side navigation.
What is the typical JWT authentication workflow in an API?
What is a claim in the authentication context?
+15 interview questions