Understanding ASP.NET Core Security

By Roland Guijt
This course has been updated to explain security in ASP.NET Core 2. ASP.NET Core security shouldn't be an afterthought when designing an application. Learn how to mitigate common attacks and implement encryption, authentication, and authorization.
Play course overview
Course info
Rating
(146)
Level
Intermediate
Updated
Mar 8, 2017
Duration
3h 5m
Table of contents
Course Overview
Course Overview 1m
Protecting Your Application Against Common Attacks
Introduction 2m Applying SSL 4m Http Strict Transport Security (HSTS) 4m SQL Injection 3m Cross Site Request Forgery (CSRF) 4m Cross Site Scripting (XSS) 3m Content Security Policy (CSP) 2m Open Redirection Attack 2m Click-jacking 2m Same Origin Policy and CORS 6m Summary 1m
Understanding the Data Protection API and the Secret Manager
Introduction 1m How ASP.NET Uses Encryption 3m Machine Key 2m Introducing the Data Protection API 2m How the Data Protection API Works 4m The Data Protection API In Practice 3m Time Limited Data Protectors 1m Protecting Secrets Using Environment Variables 2m Storing Secrets Using the Secret Manager 2m Summary 1m
Implementing Authentication with ASP.NET Core Identity
Introduction 1m What Is ASP.NET Core Identity? 5m Getting Started 2m Adding Identity to an Existing Application 5m Registering a User 3m Logging in and Out 3m Customizing the Framework 2m Adding Claims to a User 2m Customizing a User 4m Token Providers 4m Two Factor Authentication 3m Lockout 1m Configuration Options 2m External Authentication Providers 2m Configuring External Authentication Providers 5m Summary 1m
Centralized Authentication with a Token Service
Introduction 1m What Is a Token Service? 2m Token Service Concepts 2m Tokens 3m The OpenIdConnect and OAuth2 Standards 1m Redesigning an Existing Application Architecture to Use a Token Service 2m Setting up a Token Service with IdentityServer 5m Configuring Resources and Scopes 3m Configuring Users 1m Configuring Clients 2m Grants 4m Adding Token Service Support to a Web Client 5m Adding Token Service Support to an API 1m Calling a Protected API From a Web Application 2m Requesting Tokens with Client Credentials Flow 2m Adding a Database 3m Exploring the Database Structure 5m Leveraging ASP.NET Core Identity as a User Store 1m Implementing a Custom User Store 4m Refresh Tokens 3m Reference Tokens 3m Token Service Endpoints 2m Implementing External Authentication Providers 5m Summary 1m
Applying Authorization
Introduction 1m Claims-based Authorization with Policies 4m Authorization in Views 1m Role-based Authorization 1m Understanding Custom Policies 3m Implementing Custom Policies 2m Resource-based Authorization 3m Using Policies in an API 2m Using a Custom Datasource for Authorization 3m Summary 1m
Description
Course info
Rating
(146)
Level
Intermediate
Updated
Mar 8, 2017
Duration
3h 5m
Description

Learn how to make your ASP.NET Core app secure in this course. First you'll learn about common attacks and how to mitigate them with NWebSec. You'll learn the ins and outs of the new encryption API and how to protect secrets with the secret manager. Authentication is covered by explaining ASP.NET Core Identity as well as implementing a token service with IdentityServer. Finally you'll see that ASP.NET Core's authorization system is now policy based.

About the author
Roland Guijt
About the author

Roland is a Microsoft MVP enjoying a constant curiosity around new techniques in software development. His focus is on all things .Net and browser technologies.

More from the author
ASP.NET Core Microservices: Getting Started
Beginner
1h 20m
Sep 24, 2020
Creating Blazor Components
Intermediate
1h 21m
Jun 2, 2020
Build Your First Data Visualization with Chart.js
Beginner
38m
May 20, 2020
More courses by Roland Guijt
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone, my name is Roland Guijt and welcome to my course Understanding ASP. NET Core Security. I'm an MVP independent software architect, developer and trader based in the Netherlands. Security of web applications is now more important than ever. In this course you'll learn the aspects of ASP. NET Core security and how to efficiently integrate them in your projects. Some of the major topics I will cover include protecting your app against common attacks, such as cross site scripting and click checking, encrypting sensitive data with a brand new data protection API, authenticating users for a single application but also in a centralized way with the token service, how to write access rules to limit access to your application using ASP. NET Core's new authorization system. By the end of this course you will be ready to secure your application by efficiently applying threat protection, encryption, authentication and authorization. Before beginning the course you should be familiar with ASP. NET Core. Get up to speed with all the goodness that is in ASP. NET Core security here at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT