Using Amazon Cognito - AWS Prescriptive Guidance

Using Amazon Cognito

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Users sign in directly with sign-in credentials or through a third party, such as Facebook, Amazon, Google, or Apple.

The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your application users. Identity pools enable you to grant your users access to other AWS services. You can use identity pools and user pools separately or together. For more information, see Common Amazon Cognito scenarios in the Amazon Cognito documentation.

Example use case

The following diagram shows an example of implementing Amazon Cognito with a serverless ASP.NET Core web app, Amazon API Gateway, and AWS Lambda. This architecture is implemented by using the following configuration:

  • An Amazon Cognito user pool is configured to authenticate, store, and manage users.

  • An ASP.NET Core web app is hosted in Lambda and fronted by API Gateway.

  • A client-side script authenticates the users against Amazon Cognito. The script receives a JSON Web Token (JWT) from Amazon Cognito (1) and passes it as an HTTP Authorization header to the web API methods for authorization. The JWT is then passed to API Gateway for authorization (2).

[Diagram: Using Amazon Cognito and API Gateway for secure .NET Framework application development]
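
The flow above delivers the Amazon Cognito JWT to the ASP.NET Core web API in the Authorization header. The following added example (not part of the original guidance or of any AWS sample) shows one way the web app can validate that token itself, in addition to the API Gateway check, assuming the client sends a user pool access token. The configuration keys `Cognito:Region`, `Cognito:UserPoolId` and `Cognito:AppClientId` and the `/api/profile` route are hypothetical, and the Lambda hosting setup is omitted.

```csharp
// Program.cs for an ASP.NET Core app (.NET 6 or later). Added example.
// Requires the NuGet package Microsoft.AspNetCore.Authentication.JwtBearer.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Hypothetical configuration keys; supply real values through app settings.
var region = builder.Configuration["Cognito:Region"];
var userPoolId = builder.Configuration["Cognito:UserPoolId"];
var appClientId = builder.Configuration["Cognito:AppClientId"];
// User pool tokens carry this URL in the "iss" claim.
var issuer = $"https://cognito-idp.{region}.amazonaws.com/{userPoolId}";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = issuer;       // signing keys come from the pool's JWKS
        options.MapInboundClaims = false; // keep claim names as issued ("sub", ...)
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = issuer,
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,
            // Access tokens carry "client_id" rather than "aud"; checked below.
            ValidateAudience = false,
            ClockSkew = TimeSpan.FromMinutes(1)
        };
        options.Events = new JwtBearerEvents
        {
            OnTokenValidated = ctx =>
            {
                var principal = ctx.Principal!;
                // Reject ID tokens and tokens issued to another app client.
                if (principal.FindFirst("token_use")?.Value != "access" ||
                    principal.FindFirst("client_id")?.Value != appClientId)
                    ctx.Fail("Not an access token for this app client.");
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
// Hypothetical protected route: requests without a valid token get 401.
app.MapGet("/api/profile", (ClaimsPrincipal user) =>
    Results.Ok(new { sub = user.FindFirst("sub")?.Value })).RequireAuthorization();
app.Run();
```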

Resources