Hello Berner .NET friends

This year our NETworking workshop is all about Security in .NET Core 3.0. On our local mountain Gurten, we will learn the ins and outs of this topic while enjoying a great view and a delicious meal.

Registration

https://www.xing.com/events/networking-workshop-asp-net-core-3-0-security-2156691

Agenda

• 8:30 - 9:00 Welcome Coffee
• 9:00 - 10:30 Intro  
  •  Security requirements ASP.NET Core Framework Security features  
  • Claims, Principals, Identities, Claims based Identity
  • Cookie Authentication
  • Data Protection
  • Authorization
  • External Authentication Providers
  • User Secrets Exercise:
  • Cookie based authentication Identity ASP.NET Core Razor Pages application, EF Core SQLite DB, User secrets
• 10:30 - 11:00 Coffee break Tapis Rouge
• 11:00 - 12:30 OpenID Connect, OAuth2 flows
  • OAuth2 Resource Owner Credentials Flow
  • OpenID Connect Code flow
  • OpenID Connect Hybrid flow
  • OpenID Connect PKCE Authorization Code Flow RFC 7636
  • OAuth Device Flow Exercise
  • IdentityServer4 secure token service with an ASP.NET Core OpenID Connect Hybrid flow client
• 12:30 - 14:00 Lunch
• 14:00 - 15:30 API Authorization
  •  APIs with tokens authorization
  • APIs with cookies authorization
  • Introspection
  • Public, protected APIs Exercise
  • Client/API with JWT Bearer token authorization Authorization policies, claims
  • Policies
  • Handlers
  • Requirements
  • Custom authorization Exercise
  • Implementing authorization using claims, policies, handlers
• 15:30 - 16:00 Coffee break
• 16:00 - 17:30 Protecting the session, client
  • Click jacking
  • XSS
  • CSRF
  • CSP
  • HSTS
  • Cookie protection Exercise
  • Add security fixes to an existing ASP.NET Core application
• 17:30 Retrospective

Abstract

This workshop shows how authentication, authorization and security requirements can be implemented using ASP.NET Core 3.0. Some of the different approaches when implementing these in SPAs, or ASP.NET Core Razor/MVC will be explained as well as the different OpenID Connect/OAuth flows which should be used or can be used for these types of solutions.

About Damien

Damien is a web developer, architect and a Microsoft MVP for Visual Studio Development Technologies who loves to learn. He contributes regularly to open source projects on GitHub. He runs a very popular blog which focuses on ASP.NET Core, application security and Angular and co-runs the Swiss Angular group.

Workshop Requirements

PC with .NET Core 3 SDK and Visual Studio 2019/Visual Studio Code installed. - Internet WLAN connection

We are looking forward to your participation!

Martin Affolter, Kay Herzam und René Leupold