Introduction to IdentityServer and OpenID-Connect

Securing ASP.NET using OpenID Connect and IdentityServer

Today we face many authentication and authorization challenges when we’re designing and developing modern applications. The requirements are more challenging than ever, especially when we need to support everything from mobile and SPA applications, to microservices in the cloud. OpenID Connect is the de-facto standard we should use for handling authentication and authorization in modern applications. However, it can still be very confusing with all the various concepts, including scopes, claims, flows, resources and tokens. In this course, you will learn the following: How OAuth and OpenID Connect work together in detail How to set up an instance of IdentityServer How to secure ASP.NET Core applications using OpenID Connect and IdentityServer When we go through these things, we will not just configure some obscure magic libraries; instead, we will look under the hood of OpenID Connect and IdentityServer to understand what really makes them tick. We recommend that you have a good computer that can run multiple instances of Visual Studio and at least one big monitor. In this course, we use ASP.NET Core 7 and IdentityServer 6. After this course, we recommend you look at the course IdentityServer in Production, where we will teach you how to create a production-ready set-up of IdentityServer. This course contains a lot of hands-on practical exercises where you will learn how to work with OpenID Connect and the latest version of Duende IdentityServer version 6.

Identity Server in Production

This course continues where our popular course Securing ASP.NET using OpenID Connect and IdentityServer with a clear focus on getting a complete IdentityServer architecture up and running in a real production environment. You will learn how to avoid many of the pitfalls and snags involved when you’re starting your deployment journey. When we say that this course is about deploying to production, we really mean it. In this course, we will deploy the services we create to the public internet, using real TLS certificates and automatic build/deployment. The solution you will deploy contains a client, an API, and a fully configured IdentityServer. We are especially proud that we don’t cheat or cut corners in this all-encompassing course. Instead, we will, for example: Store configuration data in a separate configuration service Create logs in a separate logging server for analytics and visualization Use real HTTPS certificates Create our own token signing keys Use continuous deployment to deploy our services This very hands-on course contains extensive exercises that will take you through all the steps involved in creating a successful identity solution.