Skip to content

damienbod/AspNetCoreSecurityWorkshop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
Exercises
Exercises
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
exercise1.MD
exercise1.MD
 
 
exercise2.MD
exercise2.MD
 
 
exercise3.MD
exercise3.MD
 
 
exercise4.MD
exercise4.MD
 
 

Repository files navigation

ASP.NET Core Security Workshop

Workshop Requirements

  • PC with .NET Core 3 SDK and Visual Studio 2019/Visual Studio Code installed.
  • NodeJS
  • Internet WLAN connection

Tools Installation

9:00 - 10:30

Intro

- Introduction round
- Agenda
- Security requirements

ASP.NET Core Framework Security features

- ASP.NET Core Authentication
- ASP.NET Core Authorization
- ASP.NET Core Identity
- User Secrets
- Data Protection
- FIDO2

Exercise

ASP.NET Core Identity MFA

11:00 - 12:30

OpenID Connect, OAuth2 flows

- OpenID Connect, OAuth2
- OAuth2 Resource Owner Credentials Flow
- OpenID Connect Code flow + PKCE + secret
- OpenID Connect Hybrid flow
- OpenID Connect Authorization Code flow + PKCE - secret
- OAuth Device Flow

Exercise

IdentityServer4 secure token service with an ASP.NET Core OpenID Connect Code flow client + PKCE

12:30 - 14:00

Lunch

14:00 - 15:30

API Authorization

- APIs with tokens authorization
- APIs with cookies authorization
- Introspection
- Public, protected APIs

Exercise

Client/API with JWT Bearer token authorization

Authorization policies, claims

- Policies
- Handlers
- Requirements
- Custom authorization

Exercise

Implementing authorization using claims, policies, handlers

16:00 - 17:30

Protecting the session, client

- Click jacking
- XSS
- CSRF
- CSP
- HSTS
- Cookie protection

About

ASP.NET Core Security Workshop

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages