Multi-platform, multi-client, and highly-mobile users bring a new set of challenges, so the approaches of the past are no longer appropriate for modern applications. This two-day workshop is your chance to dive into all things security related to these new technologies. Learn how to securely connect native and browser-based applications to your back-ends and integrate them with enterprise identity management systems as well as social identity providers and services.
Technologies covered:
.NET Core, ASP.NET Core, MVC, Web APIs, Claims, OpenID Connect, OAuth 2.0, WS-Federation, SAML, JSON Web Tokens, Single Sign-on and off, Federation, Delegation, Home Realm, Discovery, CORS
Day 1: Foundation & Authentication
- Identity & Access Control in ASP.NET
- ASP.NET Core Security Framework
- Claims-based Identity
- Cookie-based Authentication
- Social Logins (e.g. Google, Facebook, Twitter, etc.)
- OpenID Connect
- Data Protection
- Authorization
- Web Application Patterns
- Single Sign-on/Single Sign-off
- Claims Transformation
- Federation Gateway
- Account & Identity Linking
- Home Realm Discovery
Day 2: Web APIs & Access Control
- Securing APIs
- Architecture & Scenarios
- Token-based Authentication
- OAuth 2.0
- Clients
- Scopes
- Flows
- Token Lifetime Management
- Refresh Tokens
- OpenID Connect & OAuth 2.0 Combined
- Server-to-server Communication
- Native & Mobile Applications
- SPAs
- Custom Credentials & Token Requests
Day 3: Duende IdentityServerArchitecture & Scenarios
- Setup
- Configuration
- Dependency Injection
- Services
- Customizations
- Claims & Tokens
- User Interface
- Storage System
- UI Workflows
- Logging & Eventing
- Hosting & Deployment
Computer Setup:
Attendees will need to bring a computer with the latest .NET Core SDK and the IDE of your choice (e.g. Visual Studio) installed.
