About the course:
Authentication and Authorisation are essential in almost every application. But how do you apply it properly and securely using best practices?
Our ASP.NET Authentication and Authorisation course will give you the skills you need to deploy robustly protected ASP.NET web applications.
You will learn Authentication for single applications and federated authentication using OpenID Connect - the current industry standard for authentication. You will also explore ASP.NET Core's own sophisticated authorisation methods too.
Your instructor will guide you through the theory using hands-on practical exercises to ensure you know how to apply it to real applications.
By the end of the course you will be confident to apply authentication and authorisation to new and existing ASP.NET Core applications.
You can attend this course remotely, as part of a wider training programme or standalone workshop. As soon as it's safe we'll go back to offering the course for custom on-site / in-house delivery as well as resuming our public scheduled courses in London.
Learning outcomes:
- What kind of authentication options are there and how do they work?
- How and when do I implement ASP.NET Core Identity?
- What are OAuth2 and OpenIdConnect?
- What is an identity provider?
- When do I use a cloud-based identity provider such as Azure AD?
- How and when do I use the IdentityServer framework to build your own?
- What is the correct way to do authorisation?
- Where does authorisation data come from?
Useful resources
Who should attend
Our Authentication and Authorisation in ASP.NET Core course is aimed at developers who have a solid basic understanding of ASP.NET Core either with Blazor, MVC or Razor pages and want to gain the knowledge to apply authentication and authorisation using the latest recommended techniques.
Prerequisites
Delegates should have attended our ASP.NET Core MVC training course or have equivalent ASP.NET experience.
Live, instructor-led online and on-site training
We appreciate that you need flexibility to fit in with new working situations - whether you're an individual, part of a distributed team, or simply have projects and deadlines to meet.
Our remote training can take place online in a virtual classroom, with content split into modules to accommodate your scheduling challenges and meet your learning goals. Get in touch today to find out how we can help design a cost-effective, flexible training solution.
As soon as it's safe, we'll return to also offering the on-site custom training courses and programmes upon which we've built our reputation.
Authentication and authorisation basics
- What is authentication?
- What is authorisation?
- The principles behind them
- What are claims?
- How to translate these principles to an application
Cookie authentication
- What is an identity cookie?
- Adding cookie authentication to an application
- Understanding and accessing the ClaimsPrincipal object
- Adding external authentication providers such as Google and Twitter
Implementing Authentication with ASP.NET Core Identity
- Start a new project with Identity
- Adding identity to existing applications
- Get to know and change the UI of Identity
- Using Identity's classes
- Enabling two-factor authentication
- Using roles
Using an OpenID Connect Identity Provider
- Authentication in an application landscape
- OpenID Connect concepts
- Working with single sign-on
- Using a cloud-based Identity Provider (Azure AD)
- Building an Identity Provider with IdentityServer
- Working with the different flows
- Protecting and calling an API with an access token
- Securing machine-to-machine communication
- Bearer, refresh and reference tokens
Applying Authorisation
- Understanding policy-based authorisation
- Checking policies in views and pages
- Applying requirements and handlers
- Resource-based policies
- Authorisation in APIs