Can I just use standard identity system that ships with ASP.NET Core when writing a Web API? I mean without JWT tokens, just throw in AddIdentity to ConfigureServices and use [Authorize] above my API controller. Just like standard MVC application without any API. I have single page application and I want my login and register pages to be multi-page. It's just easier than generating all those certificates, token configuration and searching for some token generation library or hosting a separate server like IdentityServer. What are disadvantages of using it over recommended JWT?
↧