.NETworking Workshop ASP.NET Core 3.0 Security
Thursday, 14 November 2019 at 8:30
Hello Bernese .NET friends
This year our NETworking workshop is all about Security in .NET Core 3.0. On our local mountain Gurten, we will learn the ins and outs of this topic while enjoying a great view and a delicious meal.
Registration
https://www.xing.com/events/networking-workshop-asp-net-core-3-0-security-2156691
Agenda
- 8:30 - 9:00 Welcome Coffee
- 9:00 - 10:30 Intro
  - Security requirements
  - ASP.NET Core Framework Security features
  - Claims, Principals, Identities, Claims based Identity
  - Cookie Authentication
  - Data Protection
  - Authorization
  - External Authentication Providers
  - User Secrets
  - Exercise:
    - Cookie based authentication Identity ASP.NET Core Razor Pages application, EF Core SQLite DB, User secrets
- 10:30 - 11:00 Coffee break Tapis Rouge
- 11:00 - 12:30 OpenID Connect, OAuth2 flows
  - OAuth2 Resource Owner Credentials Flow
  - OpenID Connect Code flow
  - OpenID Connect Hybrid flow
  - OpenID Connect PKCE Authorization Code Flow RFC 7636
  - OAuth Device Flow
  - Exercise:
    - IdentityServer4 secure token service with an ASP.NET Core OpenID Connect Hybrid flow client
- 12:30 - 14:00 Lunch
- 14:00 - 15:30 API Authorization
  - APIs with tokens authorization
  - APIs with cookies authorization
  - Introspection
  - Public, protected APIs
  - Exercise:
    - Client/API with JWT Bearer token authorization
  - Authorization policies, claims
  - Policies
  - Handlers
  - Requirements
  - Custom authorization
  - Exercise:
    - Implementing authorization using claims, policies, handlers
- 15:30 - 16:00 Coffee break
- 16:00 - 17:30 Protecting the session, client
  - Clickjacking
  - XSS
  - CSRF
  - CSP
  - HSTS
  - Cookie protection
  - Exercise:
    - Add security fixes to an existing ASP.NET Core application
- 17:30 Retrospective
Abstract
This workshop shows how authentication, authorization and security requirements can be implemented using ASP.NET Core 3.0. It explains some of the different approaches to implementing these in SPAs or ASP.NET Core Razor/MVC applications, as well as the different OpenID Connect/OAuth flows that should or can be used for these types of solutions.
About Damien
Damien is a web developer, architect and a Microsoft MVP for Visual Studio Development Technologies who loves to learn. He contributes regularly to open source projects on GitHub. He runs a very popular blog which focuses on ASP.NET Core, application security and Angular and co-runs the Swiss Angular group.
Workshop Requirements
- PC with .NET Core 3 SDK and Visual Studio 2019/Visual Studio Code installed
- Internet WLAN connection
We are looking forward to your participation!
Martin Affolter, Kay Herzam and René Leupold