Introduction to OpenID-Connect for .NET developers
Token-based security is an area that can be experienced as complex with its many different standards and concepts. In this seminar, I will introduce what OpenID-Connect is all about and demonstrate on an overall level how this can be applied in an ASP.NET Core environment.
Why have I snowballed into this particular topic?
In the past, this with authentication and authorization in .NET has always felt very abstract and magical. So over a year ago I decided to try to understand this for real, and therefore I now want to share what I learned during this trip!
The seminar is divided into two parts:
PART 1: Introduction to OAuth / OpenID-connect
[Tuesday 18 May at 12.00 - 13.00]
Here we will focus on what OAuth / OpenID-Connect is and how tokens can protect our systems. Among other things, we will address:
-
Where are our security challenges in a modern architecture?
-
Why do we need OAuth / OpenID-Connect?
-
What are tokens and what are the different tokens?
-
What are Scopes and Claims?
-
What feeds are there in OpenID-Connect?
PART 2: OpenID-connect and ASP.NET Core
[Wednesday 19 May at 12.00 - 13.00]
In this part, we look at how we can apply OpenID-Connect in an ASP.NET Core environment and together with IdentityServer secure an MVC application and an API. We address, among other things:
-
How is authentication and authorization implemented in ASP.NET core?
-
How to secure an ASP.NET Core MVC and API application using OpenID-Connect?
-
What is IdentityServer and how can we use it in our architecture?
With Tore Nestenius
When Tore Nestenius does not answer Identity-related questions at StackOverflow, he works as an architect and holds training courses for system developers several times a month. His focus is on topics such as .NET, C #, OpenID-Connect, web security, software architecture and DDD / CQRS. When he has the time, he likes to write blog posts within .NET.