IdentityServer

Training

Identity and Access Control for Modern Applications and APIs using ASP.NET Core

Modern application design has changed quite a bit in recent years. “Mobile-first” and “cloud-ready” are the types of applications you are expected to develop. To keep pace with these demands, Microsoft has revamped its complete web stack with ASP.NET Core 1.0.

Needless to say, you also have to secure these apps.

Multi-platform, multi-client, and highly-mobile users bring a new set of challenges, so the approaches of the past are no longer appropriate for modern applications. This three-day workshop is your chance to dive into all things security related to these new technologies. Learn how to securely connect native and browser-based applications to your back-ends and integrate them with enterprise identity management systems as well as social identity providers and services.

This workshop covers everything you need to know to build modern and secure web, native & mobile applications. The foundation will be Microsoft’s latest technology stack, and the workshop will also include IdentityServer4, which is the officially recommended framework for building token services.

This workshop can be delivered onsite (contact us for more info), and publicly as listed below.

Upcoming Dates

January, 2017 London
2 days at NDC London with Brock and Dominick
February, 2017 Frankfurt
1 day at BASTA with Dominick (in German)
February, 2017 Copenhagen
2 days at NDC Copenhagen with Dominick
April, 2017 Stockholm
2 days at Cornerstone with Dominick
May, 2017 Oslo
2 days at ProgramUtvikling with Dominick
May, 2017 London
1 day at SDD with Brock and Dominick
May, 2017 Orlando
2 days at DevIntersection with Brock. Use promo code 'ALLEN' for a discount.
June, 2017 Oslo
2 days at NDC Oslo with Dominick
July, 2017 Montreal
1 day at DevTeach Montreal with Brock

Agenda

Day 1: Foundation & Authentication

  • Identity & Access Control in .NET Core
  • ASP.NET Core Security Framework
  • Claims-based Identity
  • Cookie-based Authentication
  • Social Logins (e.g. Google, Facebook, Twitter, etc.)
  • OpenID Connect
  • Data Protection
  • Authorization
  • Web Application Patterns
  • Single Sign On/Single Sign Off
  • Claims Transformation
  • Federation Gateway
  • Account & Identity Linking
  • Home Realm Discovery

Day 2: Web APIs & Access Control

  • Securing APIs
  • Architecture & Scenarios
  • Token-based Authentication
  • OAuth 2.0
  • Clients
  • Scopes
  • Flows
  • Token lifetime management
  • Refresh tokens
  • OpenID Connect & OAuth 2.0 combined
  • Server to Server communication
  • Native & mobile Applications
  • SPAs
  • Custom credentials & token requests

Day 3: IdentityServer Architecture & Deep Dive

  • Architecture
  • Configuration
  • Dependency Injection
  • Services
  • Customizations
  • Claims & tokens
  • User interface
  • Storage system
  • Workflows
  • Logging & eventing
  • Hosting & deployment