I am creating a SPA using React and Redux on top of the dotnet 2.0 kernel. Unfortunately, the vs2017 template for this does not include authentication / authorization.
Looking around, I saw how many people talked about using JWT and suggested things like Identity Server or OpenIddict to handle this, but I only ever used the aspnet id to protect security before.
My question is, is it possible to protect the response application using only the aspnet identifier, and if so, why so many people are jumping directly into the JWT as a solution to protect SPA applications?
Is token-based authentication the only method that works with the SPA application, or can I use cookie-based authentication?
source share