Skip to content

Base Template — Authentication & Security

The kernel ships middleware hooks and package integration points for JWT, OpenID Connect, cookies, and API keys depending on enabled stacks. Layer 3 templates (Identity, Authorization Server, Gateway) specialize these flows.

Defaults and guidance

  • Use ASP.NET Core authentication middleware ordering documented in the repo README / AGENTS.md
  • Prefer policy-based authorization for APIs
  • Multi-tenancy — resolve tenant after authentication per platform guidance in ConnectSoft.Documentation SaaS guides

Secrets

  • Development: user secrets, local container env only (never commit secrets)
  • Azure: Key Vault references in App Service / Container Apps