I'm relatively new to .NET Core MVC / Web API and I'm currently implementing a multi user, multi role system.
The default IdentityUser that I extend from has a Guid primary key (which I know I can override).
In all other systems yet I pointed to the user's auto incremented PK int value to reference data that belongs to a certain user.
The question now is if this is Microsoft's intended use of this primary key for IdentityUser and if it's ok when I reference in all tables this (big) Guid, or I could create a separate Users table and create an (IdentityUser.Id, UserId auto increment) separate table and reference this UserId int. Or even another solution which I don't know yet.
I especially ask because I read multiple times that this Guid is supposed to be kept secret, but when I start to reference the Guid everywhere the likelihood of leakage increases.
Database is where all your secrets are stored, therefore, you don't need to worry if your GUIDs are used as foreign keys in other tables because they are still in your database. Maybe what you read about keeping it secret meant that you should not expose it to client-side apps, although I still disagree. Because one advantage of GUID is that even if a user gains one GUID, (unlike auto-incremented integers) he cannot guess the other ones.