Implementing Security in ASP.NET Core: Claims, Patterns, and Policies - Ben Day

New England Microsoft Developers
New England Microsoft Developers
Public group

Microsoft Office

5 Wayside Rd. · Burlington, MA

How to find us

Please bring a government issued photo ID to be admitted to the building

Location image of event venue


There are two sides to security: Authentication and Authorization. Authentication is logging in to an application and establishing who you are. Authorization is figuring out what the user can do and making ensuring that they can’t do things that they aren’t supposed to.
I don’t know about you but sometimes it feels like everyone focuses on authentication and forgets about the authorization stuff.

In this session, we’ll focus on implementing Authorization in ASP.NET Core MVC and WebAPI. We’ll talk about claims-based security in ASP.NET Core, writing custom ASP.NET Core Middleware, authorizing using ASP.NET Policies, Authentication Requirements, and Authentication Handlers. Along the way, we’ll talk about how to use the Strategy Pattern to encapsulate authorization decisions in your app so that your security code stays clean and maintainable.