ASP.NET Core Security Deep Dive

This meetup is dedicated to ASP.NET Core and Security. We have invited Anders Abel over from Sweden to give is a tour of the new / updated security features in .NET Core followed by a deep dive.

Session descriptions

A Guided Tour of ASP.NET Core Security
ASP.NET Core is a fresh start. There is a new security model with a highly extendable authentication pipeline. Authorization is also flexible with policy-based security that can easily be extended. Data Protection can be used to securely store sensitive values in cookies or form fields. There is also utilities that help mitigate common attack vectors such as cross site request forgery and cross site scripting.

For modern web applications with more advanced authentication requirements IdentityServer4 can be embedded in an ASP.NET Core application to issue tokens. Those can then be used as bearer tokens when accessing REST APIs.

This overview explains what is available and shows hands on how applications are configured to use the available features.

Authentication and Authorization in Modern Web Applications
A modern Java-script-based client running in the untrusted web browser of the user needs secure access to a backend REST-API. Users of course require single sign on and in enterprise scenarios consolidated user management is a must. Building a secure system for login and access control that handles these scenarios has become more complex than ever.

But there is no need to build anything of this anymore, because it’s available as standard components building on standard interoperable protocols such as OAuth2 and OpenID Connect. A single page application can login to external providers such as Azure Active Directory through JavaScript libraries. An ASP.NET Core Web API backend can be protected through middleware and the improved authorization mechanisms in ASP.NET Core.

About the Speaker

Anders Abel (http://www.twitter.com/anders_abel) is a senior .NET developer at Kentor in Stockholm. He has been programming since he was 9 and still thinks it’s tremendously fun. With experiences ranging from assembly and C on embedded systems for machine control to authentication solutions in web applications in modern .NET Anders is a relentless learner that always takes the chance to get to know more. He regularly shares his knowledge as a speaker, at Stack Overflow, on his blog Passion for Coding and is an active Open Source Maintainer.

Event Host

Unity 3D has been kind enough to host this meetup and sponsor food and drinks in the break in between the two talks.

https://secure.meetupstatic.com/photos/event/2/b/a/600_460800698.jpeg