Authentication and Authorization in ASP.NET Core 2

public void ConfigureServices(IServiceCollection services)
{
    // ...
    services.AddCors();
    services.AddSingleton<IWorkService, WorkService>();
    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(o => o.LoginPath = new Microsoft.AspNetCore.Http.PathString("/login"))
        .AddGoogle(googleOptions =>
    {
        googleOptions.ClientId = Configuration["Authentication:Google:ClientId"];
        googleOptions.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
    });
    services.AddAuthorization(options => {
        options.AddPolicy("authenticated", policy =>
        {
            policy.AuthenticationSchemes.Add(GoogleDefaults.AuthenticationScheme);
            policy.RequireAuthenticatedUser();
        });
    });
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILogger<Startup> logger, IConfiguration config)
{
    // ...
    app.UseAuthentication();
}

References

  1. Authorize with a specific scheme in ASP.NET Core.
  2. aspnet/Security on GitHub.
  3. Using OAuth2 Middleware with ASP.NET Core 2.0.
  4. Introduction to Authentication with ASP.NET Core.
  5. ASP.NET Core 2.0 Authentication and Authorization System Demystified.
  6. Google API Client Libraries .NET.