ASP.NET Core brings many modern approaches to building web applications. Given its importance, updates to the security architecture are also included in this modern framework. This session will bring you up to speed on the main components in ASP.NET Core for securing your web applications and web APIs. This includes authenticating users with middleware, implementing policy-based authorization, and proper security architecture with protocols such as OpenId Connect and OAuth2. We will also see how to use OpenID Connect and OAuth2 to secure browser-based JavaScript applications and native/mobile applications. As part of our exploration into OpenID Connect and OAuth2, we will use the popular open source framework IdentityServer. Come and learn how ASP.NET Core and IdentityServer can be used to design for a modern security architecture.