Full Stack Web Development

TH13 Authentication and Authorization in ASP.NET Core


1:30pm - 2:45pm

Level: Advanced

Roland Guijt

Microsoft MVP, Trainer

You've probably seen how a ASP.NET Core application works, but authentication and authorization are a different cup of tea. Microsoft completely re–did a large part of these security features in ASP.NET Core.

ASP.NET Identity enables you to do authentication for a single application and has a lot of ready-to-go features, but isn't it better to do centralized authentication with a token service using OpenId Connect? We'll explore that question and I'll explain and show you both ASP.NET Core identity, cloud options and the IdentityServer framework that helps you write a token service. Authorization has undergone a complete overhaul in ASP.NET Core. There's still the authorize attribute, but the recommended way of using it is by utilizing policies. You'll see how that works as well.

After this session you'll know what options you have for implementing authentication in ASP.NET Core. And you will understand how to implement these options. Also you'll know how to enforce authorization rules in your ASP.NET Core app.

You will learn:

  • Understand how to use ASP.NET Core Identity and when to use it
  • Know how and when to implement your own tokenservice
  • The new way to do authorization in ASP.NET Core.