To understand microservice security, let's step back and recall how we secured .NET monolithic applications. This will help us grasp why a microservice's auth mechanism needs to be different.
The critical mechanism that's used to secure applications has always been auth. Authentication verifies the identity of a user. Authorization manages what a user can or cannot access, also known as permissions. Encryption is the mechanism that helps you protect data, as it passes between the client and server. We're not going to discuss encryption too much, though—just to ensure that the data that goes over the wire is encrypted everywhere. This can be achieved through the use of the HTTPS protocol.
The following diagram depicts the flow of a typical auth mechanism in .NET monoliths:
In the preceding diagram, we can...