Identity & Access Control for modern Applications and APIs using ASP.NET Core 8

Multi-platform, multi-client, and highly-mobile users bring a new set of challenges, so the approaches of the past are no longer appropriate for modern applications. This two-day workshop is your chance to dive into all things security related to these new technologies. Learn how to securely connect native and browser-based applications to your back-ends and integrate them with enterprise identity management systems as well as social identity providers and services.

Technologies covered:
.NET Core, ASP.NET Core, MVC, Web APIs, Claims, OpenID Connect, OAuth 2.0, WS-Federation, SAML, JSON Web Tokens, Single Sign-on and off, Federation, Delegation, Home Realm, Discovery, CORS

Day 1: Foundation & Authentication

• Identity & Access Control in .NET Core
• ASP.NET Core Security Framework
  • Claims-based Identity
  • Cookie-based Authentication
  • Social Logins (e.g. Google, Facebook, Twitter, etc.)
  • OpenID Connect
  • Data Protection
  • Authorization
• Web Application Patterns
  • Single Sign On / Single Sign Off
  • Claims Transformation
  • Federation Gateway
  • Account & Identity Linking
  • Home Realm Discovery

Day 2: Web APIs & Access Control

• Securing APIs
  • Architecture & Scenarios
  • Token-based Authentication
• OAuth 2.0
  • Clients
  • Scopes
  • Flows
  • Token lifetime management
  • Refresh tokens
• OpenID Connect & OAuth 2.0 combined
  • Server to Server communication
  • Native & mobile Applications
  • SPAs
  • Custom credentials & token requests

Computer Setup:
Attendees will need to bring a computer with the latest .NET Core SDK and the IDE of your choice (e.g. Visual Studio) installed.