Getting Started with ASP.NET Core and OAuth

This course will teach you how to get started with ASP.NET Core and OAuth together to build a world-class, secure, and high-quality API. You'll learn how to introduce OAuth and OpenId Connect into your ASP.NET Core application.
Course info
Rating
(71)
Level
Beginner
Updated
Sep 28, 2017
Duration
4h 0m
Table of contents
Description
Course info
Rating
(71)
Level
Beginner
Updated
Sep 28, 2017
Duration
4h 0m
Description

How do you build a powerful and secure API using ASP.NET Core? In this course, Getting Started with ASP.NET Core and OAuth, you'll look at getting started with ASP.NET Core and OAuth together to build a world-class, both secure, and high quality API. First, you'll start off by looking at an insecure and badly designed ASP.NET Core API, talking about how to approach this API from third party applications, and also how to consume this API internally. Next, you'll discover the benefits of choosing different OAuth flows for different scenarios and you'll see how you can use IdentityServer to protect your API. Then, you'll learn how you can leverage hosted providers, such as Auth0 to secure your APIs as well as your websites. Finally, you' look into how you can introduce third party services for authentication, such as logging in using your Google account. By the end of this course, you'll have a better understanding on how to make this API a lot more secure.

About the author
About the author

Filip is an enthusiastic developer that strives to learn something new every day. With over a decade of experience in .NET, Filip actively spreads his knowledge and ideas around the globe.

More from the author
More courses by Filip Ekberg
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone, my name is Filip Ekberg, and welcome to my course Getting Started with ASP. NET Core and OAuth. I'm a principal consultant and CEO at a company called fekberg in Sweden. We focus on mobility, education, and the future off the web. In this course, we're going to learn all that we need to know about securing an ASP. NET Core application using OAuth and OpenID Connect. You will learn a ton of interesting and extremely important things such as what's the difference between authentication and authorization, why do I need an authorization server such as IdentityServer or Auth0, what are flows, grants, claims, and tokens, and how do we work with token-based security, and of course we'll cover a lot of equally important things. By the end of this course, you will feel comfortable working with OAuth and OpenID Connect, and the different ways that this can be introduced in your application, be it using IdentityServer or Auth0, or any other hosted provider. You will definitely be the person to call for this job. I really hope that you'll join me on this journey to learn all about securing your APIs and websites with OAuth and OpenID Connect with this course Getting Started with ASP. NET Core and OAuth here at Pluralsight.

Understanding OAuth and OpenId Connect
Do you want to build a world-class API that's both secure and really easy for third parties to work with? Then this course is exactly what you're looking for. In this course, we're going to look at ASP. NET Core together with OAuth, OpenID Connect, and IdentityServer to explore how we can build exactly that. My name is Filip Ekberg, and I want to welcome you to the course, Getting Started with ASP. NET Core and OAuth. In this module, we'll be looking at understanding OAuth and OpenID Connect. If you watched my previous course covering ASP. NET APIs and OAuth, this module will service a refresher in everything that you need to know in order for you to start building a secure ASP. NET Core application.

Setting up ASP.NET Core and IdentityServer
Hey, this is Filip Ekberg, and you're watching Getting Started with ASP. NET Core and OAuth. In this module, we're going to look at setting up IdentityServer 4 together with ASP. NET Core. We'll see examples of how we can run this across different types of operating systems, as well as how we can start customizing IdentityServer to our needs, for things like changing the UI, adding clients, users, and APIs to our authorization server, and we'll also see how we can set up a self-sign certificate, and use that together with IdentityServer.

Consuming the API and Authorization Server
Hey, this is Filip Ekberg, and you're watching Getting Started with ASP. NET Core and OAuth. In this module, we'll be looking at consuming the API, as well as using our authorization server. We'll go over a ton of different things that'll help us secure our websites, API, and make sure that we can leverage IdentityServer to help us in all these different situations. We'll be looking at the differences between implicit flows and hybrid flows, we'll be talking about how to retrieve an access token, as well as using custom claims imbedded inside that access token. And of course we'll end the module by talking about how we can keep the access tokens fresh by leveraging the refresh tokens.

Customizing IdentityServer
Hey, this is Filip Ekberg, and you're watching Getting Started with ASP. NET Core and OAuth. In this module, we're going to talk about Customizing IdentityServer. We'll cover a lot of different things that'll help you along the way to get your authorization server into production. We'll talk about getting things into SQL Server, so you no longer have to rely on having all the users, clients, scopes, API resources, and everything that's concerning your authorization server in memory. And of course we'll be talking about how that ties into the Resource Owner Password Flow, as well as when you're doing authentication on your authorization server. And finally in this module, we'll be talking about how you can customize your UI, because you know, everyone wants their own little, nice touch to their UI to make their users feel at home when they're coming and authenticating on your authorization server.

Using Third-party Logins with IdentityServer
Hey, this is Filip Ekberg, and you're watching Getting Started with ASP. NET Core and OAuth. In this module, we're going to talk about Using Third-party Logins with IdentityServer. We're going to see how we can introduce an external provider so your users don't have to create local logins. A lot of us really have too many accounts on different systems. It's really handy when we can introduce logins using things like Google, Twitter, Facebook, or Microsoft. In this module, we'll be looking explicitly at introducing Google as an external login to IdentityServer.

Using Hosted OAuth Providers with ASP.NET Core
Hey, this is Filip Ekberg, and you're watching Getting Started with ASP. NET Core and OAuth. In this final module, we're going to talk about Using Hosted OAuth Providers with ASP. NET Core. We'll see how we can move across from using Identity Server to use a third party like Auth0. The knowledge we gain throughout this module is something that we're going to be able to apply, even if we were using services like Stormpath, Amazon Cognito, or other OAuth providers. We're going to see how it changes the behavior when we authenticate with our application, as well as when we validate that you are authorized to use our API. Throughout the module, I want you to think about the security implications that this could have on your current system, especially if you allow people to register using your third-party OAuth providers.