Securing ASP.NET Core 6 with OAuth2 and OpenID Connect

سرفصل های دوره

In this course you’ll learn how to secure your ASP.NET Core 6 web applications and APIs with today’s de facto standards: OAuth2 and OpenID Connect.

1. Course Overview

1. Course Overview

02. Getting Started with ASP.NET Core Security

01. Coming Up

02. Positioning This Course

03. Course Prerequisites

04. Frameworks and Tooling

05. Application Architectures and Security

06. Working Towards a Central Identity Provider

07. Introducing OAuth2

08. Introducing OpenID Connect

09. Demo - Introducing the Demo Application

10. Summary

3. Understanding Authentication with OpenID Connect

1. Coming Up

2. Learning How OpenID Connect Works

3. Confidential and Public Clients

4. OpenID Connect Flows and Endpoints

5. Introducing Duende IdentityServer

6. Demo - Setting Up IdentityServer

7. Demo - Adding a User Interface

8. Demo - Adding Users to Test With

9. Summary

04. Securing Your User Authentication Processes

01. Coming Up

02. The Authorization Code Flow

03. Demo - Configuring IdentityServer to Log in with The Authorization Code Flow

04. Demo - Logging in with the Authorization Code Flow

05. Authorization Code Injection Attack

06. The Authorization Code Flow with PKCE Protection

07. Demo - Logging out of Our Web Application

08. Logging out of the Identity Provider

09. Demo - Redirecting After Logging out

10. The UserInfo Endpoint

11. Demo - Returning Additional Claims From the UserInfo Endpoint

12. Inspecting an Identity Token

13. Summary

5. Working with Claims in Your Web Application

1. Coming Up

2. Demo - Claims Transformation - Keeping the Original Claim Types

3. Demo - Claims Transformation - Manipulating the Claims Collection

4. Role-based Access Control

5. Demo - Role-based Authorization - Ensuring the Role Is Included

6. Demo - Role-based Authorization - Using the Role in Your Views

7. Demo - Role-based Authorization - Using the Role in Your Controllers

8. Demo - Creating an Access Denied Page

9. Summary

6. Understanding Authorization with OAuth2 and OpenID Connect

1. Coming Up

2. Learning How OAuth2 Works

3. Using OpenID Connect for Authentication and Authorization

4. OAuth2 and OpenID Connect Flows

5. Inspecting an Access Token

6. Summary

07. Securing Your API

01. Coming Up

02. The Authorization Code Flow with PKCE Protection

03. Demo - Securing Access to Your API (Part 1)

04. API Scopes vs. API Resources

05. Demo - Securing Access to Your API (Part 2)

06. Demo - Passing an Access Token to Your API

07. Demo - Using Access Token Claims When Getting Resources

08. Including Identity Claims in an Access Token

09. Demo - Including Identity Claims in an Access Token

10. Demo - Protecting the API When Creating a Resource (with Roles)

11. Summary

08. Authorization Policies and Access Control

01. Coming Up

02. Role-based Access Control vs. Attribute-based Access Control

03. Demo - Creating an Authorization Policy

04. Demo - Using an Authorization Policy (Web Client)

05. Demo - Using an Authorization Policy (API)

06. Fine-grained Policies with Scopes

07. Demo - Fine-grained Policies with Scopes

08. Extending Authorization Policies with Requirements and Handlers

09. Demo - Creating Custom Requirements and Handlers

10. Summary

09. Dealing with Token Expiration, Reference Tokens,and Token Revocation

01. Coming Up

02. Token Lifetimes and Expiration

03. Demo - Token Lifetimes and Expiration

04. Gaining Long-Lived Access with Refresh Tokens

05. Demo - Gaining Long-lived Access

06. Working with Reference Tokens

07. Demo - Working with Reference Tokens

08. Token Revocation

09. Demo - Revoking Tokens

10. Token Validation

11. Summary

10. Storing Users and Credentials in a Local Database

01. Coming Up

02. How Credentials Fit in OpenID Connect

03. Means of Authentication and Approaches

04. Implementation Approaches - Custom, ASP.NET Core Identity and the Micro

05. Inspecting the User Database Schema

06. Demo - Creating a User Database

07. Interacting with IdentityServer

08. Demo - Inspecting UI Interaction with IdentityServer

09. Demo - Inspecting the User Service

10. Demo - Integrating IdentityServer with a Custom User Database

11. Building Your Identity with a Profile Service

12. Demo - Building Your Identity with a Profile Service

13. Summary

11. Best Practices for User Management

01. Coming Up

02. Where Should User Management Screens Live

03. Demo - Implementing a User Registration Screen

04. Safely Storing Passwords

05. Demo - Safely Storing Passwords

06. Activating an Account

07. Demo - Activating an Account

08. Additional User Management Related Best Practices

09. Password Policy Best Practices

10. Summary

12. Integrating with Active Directory, Azure Active Directory, and Social Logins

01. Coming Up

02. Handling Integration with Third-party Provid

03. Use Cases for Windows Authentication

04. Windows Authentication Beneath the Covers

05. Demo - Enabling Windows Authentication on II

06. Demo - Integrating Windows Authentication wi

07. Federation with Third-party Identity Provide

08. Demo - Inspecting Support for Federating wit

09. Integrating with Azure AD

10. Demo - Registering an Application on Azure A

11. Demo - Integrating with Azure AD

12. Demo - Registering an Application on Faceboo

13. Demo - Integrating with Facebook

14. Challenges When Integrating with Third-party

15. Integrating with Other Third-party Identity

16. Summary

13. User Provisioning, Federation, and Federated Identity

01. Coming Up

02. Integrating Local Users with External Users

03. Federated Authentication and Federated Identity

04. Demo - Enhancing the Database Schema for Federated Identity

05. Demo - Provisioning a New User with a Federated Identity (Part 1)

06. Transforming Claims

07. Demo - Provisioning a New User with a Federated Identity (Part 2)

08. Provisioning a New User with a Federated Identity Flow Variations

09. Demo - Linking a Provider to an Existing User

10. Additional Federated Identity Use Cases

11. Summary

14. Supporting Multi-factor Authentication

1. Coming Up

2. Introducing Multi-factor Authentication

3. Supporting MFA with a One-Time Password Through Email

4. Supporting MFA with an Authenticator Application

5. Demo - Supporting MFA with an Authenticator Application (Enhancing the Database Sch

6. Supporting MFA with an Authenticator Application (Registration)

7. Supporting MFA with an Authenticator Application - Authentication

8. Demo - Supporting MFA with an Authenticator Application (Authentication)

9. Summary

15. Integrating with ASP.NET Core Identity

1. Coming Up

2. Integrating with ASP.NET Core Identity

3. Demo - Adding ASP.NET Core Identity

4. Summary

16. Getting Ready for Production and Deploying Your Identity Provider

01. Coming Up

02. Deploying IdentityServer to Azure

03. Demo - Persisting Configuration Data

04. Demo - Persisting Operational Data

05. Demo - Moving From SQLite to SQL Azure

06. Demo - Configuring Data Protection

07. Demo - Storing Key Material in Azure KeyVault

08. Demo - Configuring and Using the Forwarded Headers Midd

09. Demo - Applying a License

10. Demo - The Final Deployment

11. Summary

179,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: PluralSight