Course info
Jun 21, 2012
2h 24m

Whenever you write an application that requires a login (and need to implement authorization based on that login), this course is for you. It provides a technical introduction to the authentication and authorization APIs in .NET, and focuses specifically on the new claims-based identity features in .NET 4.5.

About the author
About the author

Dominick works as an associate consultant for the Germany-based company thinktecture. His main area of focus is security in general and identity & access control in particular.

More from the author
Web API v2 Security
6h 12m
Apr 12, 2014
Identity and Access Control in WCF 4.5
3h 12m
Dec 14, 2012
More courses by Dominick Baier
Section Introduction Transcripts
Section Introduction Transcripts

Principals and Identities
Okay. So, in the first module, we gonna look at the idea of principals and identities which is something which is baked deep into the. net framework. And basically every application framework on the. net platform uses that concept so it's very important to know about how this works. So we -- we gonna first start with looking at the basic interfaces and looking at the thing called "Thread. Current Principal" which is a very important concept and also misunderstood. And then we gonna look at specific implementations of these interfaces. One is around Window's authentication. One is around custom authentication. And we gonna look at role-based access control which is -- well, as the name implies, how you can do authorization based on roles. And, as I said in the introduction, for this -- for this module we gonna pretend we are not on. net 4. 5 because everything I'm showing you here will basically work from. net 1. 0 till. net -- well, actually, to. net 4. 5. But, in 4. 5, there are some additions which we gonna talk about in the next module.

Claims: A Better Way to Model Identity
Hi, and welcome to our second module where we start to look at the new features that got added in DotNet 4. 5 and especially at this thing called claims and how this now integrates into the DotNet identity and control infrastructure. So we're going to first look at a little bit of motivation by Microsoft, actually, built this thing and took all the effort to integrate it into. NET. Then we look at this thing called a claim, and I have a technical description of what that is. Then we have a look at a new principal implementation that ships with DotNet 4. 5 called ClaimsPrincipal, which is a container for claims. We look at how these relate to the standard DotNet principals, the ones we've seen before. And I'm going to introduce you to a new easier way to deal with thread of current principal, called ClaimsPrincipal of current (assumed spelling), and we have a look at basically what do you do if you have like custom principals and how they relate to this new ClaimsPrincipal class.

Outlook - Where are claims used in .NET
In the last module, we're gonna look at where are claims actually used in the. net framework 4. 5. So what we're gonna do is we -- we're gonna look at three very common application scenarios ASP. net, WCF, and ASP. net web API. And, in all of them, I will basically show you how claims and the new principal and identity class are used and how you can use them to write applications that deal with identity.