Tags: angular, authentication, oauth-2.0, jwt, asp.net-core-webapi

Which authentication method is good with an Angular front end and a .NET Core back end?


I have an Angular 10 application (upgraded from Angular 4) running as the front end, and a .NET Core 3.1 Web API (connecting to a SQL Server database) running as the back-end project.

Now I am planning to implement login and authentication using both applications, but I am confused about which technology I should follow. I have read about so many technologies like JWT and OAuth (please point out any others too), or should I look for something like OWIN? Which is best in terms of security and performance? And which is the best way to hash the passwords in the database?

I know the topic and question need a large amount of consideration, but just some guidance will be enough for me to proceed.

Please help me!


Solution

  • Just to put things in perspective

    • OWIN is a way to communicate with your API in the .NET Framework; it has its own way to implement OAuth2
    • OAuth2 is a standard that tells you how to authenticate/authorize
    • JWT is a tool that OAuth2 uses to authenticate (by validating the token)

    You need to combine most of these technologies into an implementation.

    In layman's terms:

    • Upon successful login create a JWT token
    • In the token you have an access token and a refresh token
    • Refresh token is used to recreate an access token when it expires
    • Access token is used to validate your identity

    If you want to have an authentication server because you have a big system, I suggest IdentityServer.
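
The login, validate and refresh steps listed in the answer, sketched as an added C# example for the .NET Core 3.1 back end; this is not code from the answer. The `TokenDemo` names, the random demo key, the 5-minute lifetime, the in-memory refresh store and the hand-built HS256 JWT are assumptions for illustration, and the refresh token here is a separate opaque value returned next to the JWT.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class TokenDemo
{
    // Assumptions for this sketch: random demo key, 5-minute access tokens, in-memory refresh store.
    static readonly byte[] Key = Rand(32);
    static readonly Dictionary<string, string> RefreshStore = new Dictionary<string, string>();
    static readonly string Head = B64(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
    static byte[] Rand(int n) { var b = new byte[n]; RandomNumberGenerator.Fill(b); return b; }
    static string B64(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] UnB64(string s) => Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    static byte[] Sign(string d) { using (var h = new HMACSHA256(Key)) return h.ComputeHash(Encoding.UTF8.GetBytes(d)); }

    // Call only after the password has been verified. Returns a signed JWT plus an opaque refresh token.
    static (string Access, string Refresh) Login(string user, DateTimeOffset now)
    {
        var claims = new Dictionary<string, object> { ["sub"] = user, ["exp"] = now.AddMinutes(5).ToUnixTimeSeconds() };
        var unsigned = Head + "." + B64(JsonSerializer.SerializeToUtf8Bytes(claims));
        var refresh = B64(Rand(32));
        RefreshStore[refresh] = user;   // server-side record, so the token can be revoked or rotated
        return (unsigned + "." + B64(Sign(unsigned)), refresh);
    }
    // The signature is recomputed with HS256 and compared in constant time before any claim is read.
    static string Validate(string jwt, DateTimeOffset now)
    {
        var p = jwt.Split('.');
        if (p.Length != 3) return null;
        var expected = Encoding.UTF8.GetBytes(B64(Sign(p[0] + "." + p[1])));
        if (!CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(p[2]), expected)) return null;
        var c = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(UnB64(p[1]));
        return c["exp"].GetInt64() > now.ToUnixTimeSeconds() ? c["sub"].GetString() : null;
    }
    // Refresh tokens are single use: the old one is removed and a fresh pair is issued.
    static (string Access, string Refresh)? Renew(string refresh, DateTimeOffset now) =>
        RefreshStore.Remove(refresh, out var user) ? Login(user, now) : ((string, string)?)null;

    static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        var first = Login("alice", now);
        Console.WriteLine(Validate(first.Access, now) ?? "rejected");                // inside the lifetime
        Console.WriteLine(Validate(first.Access, now.AddMinutes(6)) ?? "rejected");  // after exp
        Console.WriteLine(Renew(first.Refresh, now.AddMinutes(6)).HasValue);         // refresh issues a new pair
        Console.WriteLine(Renew(first.Refresh, now.AddMinutes(6)).HasValue);         // replay of the used token
    }
}
```

In an ASP.NET Core API the validation step is normally handled by the JWT bearer authentication middleware rather than hand-written code; the sketch only makes the moving parts visible.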