This is documentation for v11, which is no longer actively maintained.
For up-to-date documentation, see the latest version.

Overview

In this section we will learn how to secure our GraphQL endpoint.

Authentication

Authentication in Hot Chocolate is built around the official authentication mechanisms in ASP.NET Core, allowing us to fully embrace their customizability and variety of authentication providers.

Learn more about authentication

Authorization

Authorization is one of the most basic security concepts. It builds on top of authentication and allows us to restrict access to types and fields, based on whether a user is authenticated, assigned specific roles or satisfies one or more policies. Hot Chocolate closely matches and nicely integrates with the official ASP.NET Core authorization APIs.

Learn more about authorization