CONCEPTS:

Authentication is responsible for identify/authenticate a user

Authorization is responsible for checking the authenticated use's access to a restricted resource.

Claims are key-value pair discriptions to representing a user(we can call the use pricipal), describing the user's properties.For  example, a claims set may looks like: {name:wyman,role:admin,department:it}

Identity represents ....

Authentication Scheme: types of authentication,like JWT,cookie and others.

USAGE:

Authentication middleware is added into the asp.net core pipeline in the Confure Method in Startup.cs class, by calling the UseAuthentication() method.

Authencation Service is used by the Authentication middleware, and it's registered in the ConfigureServices method by calling the AddAuthentication() extend method of IServiceCollection.

IAuthencationHandler is where the authentication work to be done.  there're three core methods :

AuthenticateAsync(): is the method responsible for authenticate a use, 

ChallengeAsync(): how to react when a unauthenticated user tries to access the stricted resource, depending on the specified authentication scheme, for example, JWTAuthentication will response a 401 header to the client, and CookieAuthentication may redirect client to the login page.

ForbidAsync: how to react when a authenticated user tries to access restricted resouce without permission.

 IAuthenticationHandler