Modern application design has changed quite a bit in recent years. “Mobile-first” and “cloud-ready” are the types of applications you are expected to develop. To keep pace with these architectural demands, Microsoft has revamped its complete web stack with ASP.NET Core.

Needless to say, you also have to secure these apps.

Multi-platform, multi-client, and highly-mobile users bring a new set of challenges, so the approaches of the past are no longer appropriate for modern applications. This three-day workshop is your chance to dive into all things security related to these new technologies. Learn how to securely connect native and browser-based applications to your back-ends and integrate them with enterprise identity management systems, as well as social identity providers and services.

This workshop covers everything you need to know to build modern and secure web, native, and mobile applications. The foundation will be Microsoft’s latest technology stack, and the workshop will also include Duende IdentityServer, which is the officially recommended framework for building token services.

This workshop can be delivered publicly, online, and on-site. For more information, please contact us.

Upcoming Workshops

Register today to secure your spot in one of our signature workshops, currently open for enrollment! Or contact us for an in-house version.
January 20-21, 2025 (EU)

NDC Security

  • Location: Oslo
  • Timezone: Europe
  • Length: 2 Days
  • Instructor: Anders

Curriculum

The full three-day workshop covers all topics listed in the curriculum below. Alternatively, you may also organize one- or two-day curricula with topics of your choosing.
Day 1: Foundation & Authentication
  • Identity & Access Control in ASP.NET
  • ASP.NET Core Security Framework
  • Claims-based Identity
  • Cookie-based Authentication
  • Social Logins (e.g. Google, Facebook, Twitter, etc.)
  • OpenID Connect
  • Data Protection
  • Authorization
  • Web Application Patterns
  • Single Sign-on/Single Sign-off
  • Claims Transformation
  • Federation Gateway
  • Account & Identity Linking
  • Home Realm Discovery
Day 2: Web APIs & Access Control
  • Securing APIs
  • Architecture & Scenarios
  • Token-based Authentication
  • OAuth 2.0
  • Clients
  • Scopes
  • Flows
  • Token Lifetime Management
  • Refresh Tokens
  • OpenID Connect & OAuth 2.0 Combined
  • Server-to-server Communication
  • Native & Mobile Applications
  • SPAs
  • Custom Credentials & Token Requests
Day 3: Duende IdentityServer Architecture & Scenarios
  • Setup
  • Configuration
  • Dependency Injection
  • Services
  • Customizations
  • Claims & Tokens
  • User Interface
  • Storage System
  • UI Workflows
  • Logging & Eventing
  • Hosting & Deployment

Hands-on Labs

Each of these hands-on labs will take you and your team approximately 1–2 hours to complete. All labs include step-by-step instructions, as well as reference solutions.

Lab 1: Authentication and Authorization

In this lab, you will add cookie-based authentication to the movie review website using the cookie authentication middleware and claims-based identity. Once users are authenticated, you will then also implement policy-based and resource-based authorization using the ASP.NET Core authorization framework.

Lab 2: External Authentication

In this lab, you will remove the local authentication in the movie review application and change it to use external authentication. For the first part, you will use the OIDC protocol with Duende IdentityServer as the provider. For the second part, you will use social media accounts as the provider.

Lab 3: Federation Gateway

In this lab, you will consolidate all external authentication into a single authentication gateway. Duende IdentityServer will act as this gateway. You will also implement single sign-out, which allows the user to sign out of both the movie web app and Duende IdentityServer.

Lab 4: Web APIs

In this lab, the movie review logic has been split into two projects: one for the back-end movie review logic as a web API, and one for the front-end movie review UI as a web application. The web API will require access tokens to use its functionality, and the movie review web app will obtain access tokens and pass them to the web API. Duende IdentityServer will be used to issue this access token to the movie review web application.

Lab 5: Mobile and Native Client Applications

In this lab, the client application is transformed into a native, cross-platform console application. The pertinent steps in this lab will be the same if you're building a Windows or macOS desktop application, and are no different than if you were to use a platform-specific UI framework to build your application (e.g. WinForms, WPF, MacApp, Cocoa, GTK#, etc.).

Lab 6: JavaScript Client Applications

In this lab, the movie review application has been rewritten as a pure JavaScript-based application. It won't have as much functionality as the previous labs, but it will suffice to show how to obtain an access token and call a web API.