Implementing Security in ASP.NET Core: Claims, Patterns, and Policies - Ben Day

There are two sides to security: Authentication and Authorization. Authentication is logging in to an application and establishing who you are. Authorization is figuring out what the user can do and making ensuring that they can’t do things that they aren’t supposed to.
I don’t know about you but sometimes it feels like everyone focuses on authentication and forgets about the authorization stuff.

In this session, we’ll focus on implementing Authorization in ASP.NET Core MVC and WebAPI. We’ll talk about claims-based security in ASP.NET Core, writing custom ASP.NET Core Middleware, authorizing using ASP.NET Policies, Authentication Requirements, and Authentication Handlers. Along the way, we’ll talk about how to use the Strategy Pattern to encapsulate authorization decisions in your app so that your security code stays clean and maintainable.