Securing ASP.NET Core 2 with OAuth2 and OpenID Connect
When you're building an ASP.NET Core 2 MVC web app or API, you'll want to secure it sooner rather than later. In this course, you'll learn how to use OAuth2 and OpenID Connect, today's widely used standards, to help you achieve your goals efficiently.
What you'll learn
Knowing how to secure applications is important, but knowing why we make certain decisions is, arguably, even more important. In this course, Securing ASP.NET Core 2 with OAuth2 and OpenID Connect, you'll learn the ins and outs of OAuth2 and OpenID Connect (OIDC), today's widely used standards.
First, you'll explore what these standards entail, and how you can integrate their implementations in ASP.NET Core with IdentityServer4. Next, you'll discover how to secure both a web app and an API. Finally, you'll learn how to use authorization policies and deal with expired access.
By the end of this course, you'll have the necessary knowledge to efficiently secure your ASP.NET Core 2 applications.
Table of contents
- Coming Up 0m
- How OpenID Connect Works 2m
- Public and Confidential Clients 1m
- OpenID Connect Flows and Endpoints 5m
- OpenID Connect Flow for ASP.NET Core MVC 1m
- Introducing IdentityServer4 1m
- Demo: Setting up IdentityServer4 7m
- Demo: Adding a User Interface for IdentityServer4 3m
- Demo: Ensuring Traffic Is Encrypted 4m
- Summary 2m
- Coming Up 1m
- The Hybrid Flow 6m
- Demo: Configuring IdentityServer to Log In with the Hybrid Flow 2m
- Demo: Logging in with the Hybrid Flow 10m
- Demo: Logging Out of Our Web Application 2m
- Demo: Logging out of the Identity Provider 1m
- Demo: Redirecting After Logging Out 3m
- Demo: Returning Additional Claims (Part 1) 1m
- The UserInfo Endpoint 2m
- Demo: Returning Additional Claims (Part 2) 3m
- Inspecting an Identity Token 3m
- Summary 2m
- Coming Up 1m
- Demo: Claims Transformation - Keeping the Original Claim Types 2m
- Demo: Claims Transformation - Manipulating the Claims Collection 3m
- Getting Additional Information Through the UserInfo Endpoint 1m
- Demo: Getting Ready for Calling the UserInfo Endpoint 3m
- Demo: Manually Calling the UserInfo Endpoint to Get More Claims 5m
- Role-based Authorization 1m
- Demo: Role-based Authorization: Ensuring the Role Is Included 3m
- Demo: Role-based Authorization: Using the Role in Our Views 2m
- Demo: Role-based Authorization - Using the Role in Our Controllers 2m
- Demo: Creating an Access Denied Page 3m
- Summary 1m
- Coming Up 1m
- The Hybrid Flow 2m
- Demo: Securing Access to Our API 6m
- Demo: Passing an Access Token to Our API 4m
- Demo: Showing an Access Denied Page 2m
- Demo: Using Access Token Claims When Getting a Resource Collection 4m
- Including Identity Claims in an Access Token 1m
- Demo: Including Identity Claims in an Access Token 1m
- Demo: Protecting the API When Creating a Resource (with Roles) 4m
- Summary 1m
- Coming Up 1m
- Token Lifetimes and Expiration 2m
- Demo: Token Lifetimes and Expiration 3m
- Gaining Long-lived Access with Refresh Tokens 2m
- Demo: Gaining Long-lived Access with Refresh Tokens 8m
- Working with Reference Tokens 2m
- Demo: Working With Reference Tokens 2m
- Token Revocation 1m
- Demo: Revoking Tokens 3m
- Token Validation 7m
- What’s Next? 1m
- Summary 2m