ClaimsPrincipal represents a user (is what the HttpContext.SignInAsync method accepts and passes to the specified AuthenticationHandler.) and contains one or more instances of
ClaimsIdentity which in turn represent a single form of identification and contain one or more instances of
Claim, which represents a single piece of information about a user.
Authentication handlers are components that actually implement the behavior of the 5 verbs above. The default auth handler provided by ASP.NET Core is the Cookies authentication handler
Authentication Middleware is a module that can be inserted into the startup sequence and is run on every request. When the request is run, the authentication middleware asks the default scheme auth handler to run its authentication code.
my thanks to this article:https://digitalmccullough.com/posts/aspnetcore-auth-system-demystified.html
