Securing your applications and microservices using the security services provided by cloud platforms can seem like an impossible and complex development effort. Steeltoe reduces that effort by including security providers which enable you to easily integrate ASP.NET Core authentication and authorization features with Cloud Foundry security services.
Applications must have some notion of security, but you don’t want to lock the app in to a certain provider. Instead use the native functions of .NET and let the platform decide the provider. Cloud Security helps your app achieve that abstraction.
Why use security providers?
Steeltoe provides a number of Security related services that simplify using a cloud platform’s security services in ASP.NET applications.
Single Sign-on with OAuth2 or OpenID Connect
Leverage existing credentials managed by an OAuth2 service for authentication and authorization in ASP.NET Core applications or with OpenID Connect in ASP.NET Framework (4.x).
Resource Protection using JWT
Control access to REST resources by using JWT tokens.
Redis Key Storage Provider
Reconfigure the Data Protection service in ASP.NET to use an external Redis instance for key ring storage.
Interact directly with a CredHub secrets store in an ASP.NET application.