Lifelong learning for working professionals
Securing ASP.NET using OpenID Connect and IdentityServer

Securing ASP.NET using OpenID Connect and IdentityServer

Course Summary

Today we face many authentication and authorization challenges when we’re designing and developing modern applications. The requirements are more challenging than ever, especially when we need to support everything from mobile and SPA applications, to microservices in the cloud.

OpenID Connect is the de-facto standard we should use for handling authentication and authorization in modern applications. However, it can still be very confusing with all the various concepts, including scopes, claims, flows, resources and tokens.

In this course, you will learn the following:

    • How OAuth and OpenID Connect work together in detail
    • How to set up an instance of IdentityServer
    • How to secure ASP.NET Core applications using OpenID Connect and IdentityServer

 

When we go through these things, we will not just configure some obscure magic libraries; instead, we will look under the hood of OpenID Connect and IdentityServer to understand what really makes them tick.

We recommend that you have a good computer that can run multiple instances of Visual Studio and at least one big monitor. In this course, we use ASP.NET Core 7 and IdentityServer 6.

After this course, we recommend you look at the course IdentityServer in Production, where we will teach you how to create a production-ready set-up of IdentityServer.

This course contains a lot of hands-on practical exercises where you will learn how to work with OpenID Connect and the latest version of Duende IdentityServer version 6.

ASP.NET Core developers who want to learn the fundamentals of OpenID Connect and how to protect applications using the latest version of IdentityServer. If you are using version 4 or 5 of IdentityServer, this course is still very relevant, as most things in this course are the same.

Ba­sic know­led­ge of

  • ASP.NET Core
  • C# (LINQ / Lambda…)
  • The HTTP(S) protocol and how the web works in general
  • HTML

In this course, we will cover the following:

OAuth 2.1 / OpenID Connect

Certificates and HTTPS

Token services

Duende Identity Server v5.x

JSON Web Tokens (JWT)

Scopes and claims

  • Identity resources
  • API resources
  • APIScopes

Securing the tokens

Cross-origin resource sharing (CORS)

Flows

Implicit flow

  • Authorization code flow
  • Client credentials flow

Proof Key for Code Exchange (PKCE)

External identity providers

Application types:

  • Web applications
  • SPA and mobile applications
  • Server-to-server communication

ASP.NET Core

  • Authentication
  • Data Protection API
  • Cookie authentication
  • Authorization
  • OpenID Connect
  • Claims transformations

And much more…

Course Overview

26 950 kr

3 Dagar

Can’t find a (suitable) date, but are interested in the course? Send in an expression of interest and we will do what we can to find a suitable opportunity.

Register interest

Customized Courses

The course can be adapted from several perspectives:

  • Content and focus area
  • Extent and scope
  • Delivery approach

In interaction with the course leader, we ensure that the course meets your needs.

Contact us

Stockholm

  • Tegnérlunden 3
    111 61 Stockholm
  • +46 8 587 116 10

Göteborg

  • Kungsportsavenyen 37
    411 36 Göteborg
  • +46 31 313 94 20

Skicka intresseanmälan för utbildningen

Send an expression of interest for the training