OAuth2 and OpenID Connect Strategies for AngularJS and ASP.NET
When you're building an Angular or ASP.NET MVC-based application, sooner or later you'll want to secure it - preferably sooner rather than later. In this course, you'll learn how OAuth2 and OpenID Connect, today's widely-used standards, can help you with that.
What you'll learn
A typical application these days consists of (at least) a client application and an API. In this practical, demo-driven course, you'll learn how to work with authorization and authentication using today's widely-used standards: OAuth2 and OpenID Connect. The focus of this course is security, both for Angular and ASP.NET MVC-based applications, but it aims to go beyond that. Amongst other things, we'll look into finding a safe way to get identity-related information in your application over impersonation when accessing an API, right up to dealing with credentials and two-factor authentication.
Table of contents
- Client Credentials Flow 2m
- Demo - Client Credentials Flow 6m
- Can We Use This in an Angular Application? 1m
- Implicit Flow 2m
- Demo - Implicit Flow 6m
- Demo - Automatically Adding an Authorization Header in AngularJS 2m
- Authorization Code Flow 2m
- Demo - Authorization Code Flow 6m
- Resource Owner Password Credentials Flow 2m
- Demo - Resource Owner Password Credentials Flow - Part 1 4m
- Angular and Cross-origin Resource Sharing 1m
- Demo - Resource Owner Password Credentials Flow - Part 2 2m
- Summary 2m
- The Right Flow for the Right Client 2m
- Helper Components 1m
- Demo - OpenID Connect Hybrid Flow 6m
- Demo - Logging Out (MVC) 3m
- Demo - Transforming Claims (MVC) 4m
- Demo - Authorizing Access (MVC) 2m
- Demo - OpenID Connect Implicit Flow 5m
- Demo - Logging Out (Angular) 3m
- Demo - Authorizing Access (Angular) 3m
- Demo - The UserInfo Endpoint (Angular) 5m
- Demo - The UserInfo Endpoint (MVC) 4m
- Summary 1m
- Impersonating the User 2m
- Demo - Ensuring the Access Token Contains the Scope We Need 4m
- Demo - Extending a Selection at API Level Based on the User 3m
- Demo - Blocking Functionality at API Level Based on the User 2m
- Role-based Authorization 1m
- Demo - Role-based Authorization 3m
- Demo - Reusing Claims Across Scopes 3m
- Summary 1m
- Token Expiration 3m
- Demo - Controlling Token Expiration 6m
- Refresh Tokens 1m
- Demo - Handling Expired Tokens with Refresh Tokens (MVC) 7m
- Demo - Handling Expired Tokens with Redirection (Angular) 3m
- Redirection vs. Refresh Tokens 1m
- Single Sign-on 2m
- Demo - Single Sign-on between MVC and Angular 2m
- Demo - Redirecting to a Specific URI After Logging Out 4m
- Single Sign-out 4m
- Demo - Single Sign-out between MVC and Angular 7m
- Avoiding Visible Redirection in Angular with a Hidden Iframe 1m
- Demo - Avoiding Visible Redirection in Angular with a Hidden Iframe 2m
- Summary 2m
- Dealing with Credentials 2m
- Demo - A Custom User Store 8m
- Demo - Creating an Account by Providing a Registration Page 5m
- Demo - Integrating with Third-party Providers 9m
- Demo - Multiple Logins, One Account 7m
- Demo - Creating an Account from an External Identity Provider 4m
- WS-Federation and Windows Authentication 2m
- Demo - WS-Federation and Windows Authentication 9m
- Demo - Customizing the Login Flow Through Partial Login 6m
- Two-factor Authentication 2m
- Demo - Two-factor Authentication 7m
- Additional Packages and Resources 1m
- Course Summary 3m
About the author
Kevin Dockx is a freelance solution architect, author & consultant, living in Antwerp (Belgium). He's mainly focused on solution/application architectures & security for web-based (API) applications built with .NET, but he also keeps an eye out for new developments concerning other products from the .NET stack. He's a Microsoft MVP and board member of the RD MS Community. He's also a regular speaker at various (inter)national conferences & user group events, and works on various open source pro... more