Understanding ASP.NET Core Security
This course has been updated to explain security in ASP.NET Core 2. ASP.NET Core security shouldn't be an afterthought when designing an application. Learn how to mitigate common attacks and implement encryption, authentication, and authorization.
What you'll learn
Learn how to make your ASP.NET Core app secure in this course. First you'll learn about common attacks and how to mitigate them with NWebSec. You'll learn the ins and outs of the new encryption API and how to protect secrets with the secret manager. Authentication is covered by explaining ASP.NET Core Identity as well as implementing a token service with IdentityServer. Finally you'll see that ASP.NET Core's authorization system is now policy based.
Table of contents
- Introduction 1m
- How ASP.NET Uses Encryption 3m
- Machine Key 2m
- Introducing the Data Protection API 2m
- How the Data Protection API Works 4m
- The Data Protection API In Practice 3m
- Time Limited Data Protectors 1m
- Protecting Secrets Using Environment Variables 2m
- Storing Secrets Using the Secret Manager 2m
- Summary 1m
- Introduction 1m
- What Is ASP.NET Core Identity? 5m
- Getting Started 2m
- Adding Identity to an Existing Application 5m
- Registering a User 3m
- Logging in and Out 3m
- Customizing the Framework 2m
- Adding Claims to a User 2m
- Customizing a User 4m
- Token Providers 4m
- Two Factor Authentication 3m
- Lockout 1m
- Configuration Options 2m
- External Authentication Providers 2m
- Configuring External Authentication Providers 5m
- Summary 1m
- Introduction 1m
- What Is a Token Service? 2m
- Token Service Concepts 2m
- Tokens 3m
- The OpenIdConnect and OAuth2 Standards 1m
- Redesigning an Existing Application Architecture to Use a Token Service 2m
- Setting up a Token Service with IdentityServer 5m
- Configuring Resources and Scopes 3m
- Configuring Users 1m
- Configuring Clients 2m
- Grants 4m
- Adding Token Service Support to a Web Client 5m
- Adding Token Service Support to an API 1m
- Calling a Protected API From a Web Application 2m
- Requesting Tokens with Client Credentials Flow 2m
- Adding a Database 3m
- Exploring the Database Structure 5m
- Leveraging ASP.NET Core Identity as a User Store 1m
- Implementing a Custom User Store 4m
- Refresh Tokens 3m
- Reference Tokens 3m
- Token Service Endpoints 2m
- Implementing External Authentication Providers 5m
- Summary 1m
About the author
Roland is a Microsoft MVP enjoying a constant curiosity around new techniques in software development. His focus is on all things .Net and browser technologies. As a long-time trainer, he led many courses on these topics and spoke about them at international conferences. He also travels around the globe to offer his self-developed workshops. The word that comes to mind when he thinks about software development is passion! Roland lives in The Netherlands with his wife and two boys.
