ASP.NET Core Security Workshop
- PC with .NET Core 3 SDK and Visual Studio 2019/Visual Studio Code installed.
- Node.js
- Internet WLAN connection
Tools Installation
- Introduction round
- Agenda
- Security requirements
ASP.NET Core Framework Security features
- ASP.NET Core Authentication
- ASP.NET Core Authorization
- ASP.NET Core Identity
- User Secrets
- Data Protection
- FIDO2
ASP.NET Core Identity MFA
OpenID Connect, OAuth2 flows
- OpenID Connect, OAuth2
- OAuth2 Resource Owner Credentials Flow
- OpenID Connect Code flow + PKCE + secret
- OpenID Connect Hybrid flow
- OpenID Connect Authorization Code flow + PKCE - secret
- OAuth Device Flow
IdentityServer4 secure token service with an ASP.NET Core OpenID Connect Code flow client + PKCE
- APIs with tokens authorization
- APIs with cookies authorization
- Introspection
- Public, protected APIs
Client/API with JWT Bearer token authorization
Authorization policies, claims
- Policies
- Handlers
- Requirements
- Custom authorization
Implementing authorization using claims, policies, handlers
Protecting the session, client
- Clickjacking
- XSS
- CSRF
- CSP
- HSTS
- Cookie protection