Implementing Security in ASP.NET Core: Claims, Patterns, and Policies
There are two sides to security: Authentication and Authorization. Authentication is logging in to an application and establishing who you are. Authorization is figuring out what the user can do and making ensuring that they can’t do things that they aren’t supposed to.
I don’t know about you but sometimes it feels like everyone focuses on authentication and forgets about the authorization stuff.
In this session, we’ll focus on implementing Authorization in ASP.NET Core MVC and WebAPI. We’ll talk about claims-based security in ASP.NET Core, writing custom ASP.NET Core Middleware, authorizing using ASP.NET Policies, Authentication Requirements, and Authentication Handlers. Along the way, we’ll talk about how to use the Strategy Pattern to encapsulate authorization decisions in your app so that your security code stays clean and maintainable.
Here are some of the topics that are covered in the slides and sample code for this talk:
Benjamin Day is a consultant and trainer specializing in software development best practices using Scrum with Microsoft’s ALM tools. Ben’s main areas of emphasis include Team Foundation Server, Scrum, software testing, and software architecture. He is a Microsoft Visual Studio ALM MVP, a certified Scrum trainer via Scrum.org, and a speaker at conferences such as Pluralsight Live and VSLive. When not developing software, Ben’s been known to go running and kayaking in order to balance out his love of cheese, cured meats, and champagne. His online courses are available at Pluralsight and he can be contacted by email at [masked].
Venue and Food:
We meet at Microsoft offices in Burlington, MA (see address above) at 6-8 pm. As usual, there will be pizza and sodas provided. Please RSVP through this site if you will be attending.