Secure User Account and Authentication Practices in ASP.NET 3 and ASP.NET Core 3
This course will teach you how to add secure authentication practices to your ASP.NET websites, including properly establishing and storing passwords, multi-factor authentication, password recovery, and proper authorization techniques.
What you'll learn
Getting authentication and authorization right in your website can help keep your users and their data safe from attacks. While perfect security is arguably impossible to achieve, you’re going to see a wide variety of techniques to help you keep your site secure. In this course, Secure User Account and Authentication Practices in ASP.NET and ASP.NET Core, you’ll learn to create secure websites that use recommended practices around user account management, authentication, and authorization. First, you’ll explore how to properly implement a user authentication and registration process, including password policies and password recovery. Next, you’ll discover how to add further security through multi-factor authentication and the prevention of some common authentication-related attacks. Finally, you’ll learn how to add authorization to your website to prevent authenticated users from seeing or doing things that they should not be able to. When you’re finished with this course, you’ll have the skills and knowledge of secure authentication and user account practices needed to create websites that you and your customers can be confident in.
Table of contents
- Version Check 0m
- Introduction 3m
- Authentication Features and Approach 3m
- Demo: Solution Overview and Database Setup 5m
- Demo: Use ASP.NET Core Identity with an Existing Database 6m
- Demo: Custom Password Hashers 6m
- ASP.NET Framework Identity 2m
- Password Considerations 2m
- Demo: Registration, Password Policies, and Security Stamps 8m
- Demo: IPasswordValidator and Pwned Passwords 4m
- Summary 1m
- Introduction 2m
- Email Verification and Password Reset Considerations 3m
- Demo: Email Verification for Registration and Login 7m
- Demo: Password Reset 2m
- Two-factor Authentication Considerations 3m
- Demo: Two-factor Authentication with Authenticator Apps 10m
- Authenticator Apps in ASP.NET Framework Projects 2m
- Summary and What's Next 1m
- Introduction 2m
- Demo: Account Locking 7m
- Demo: Customizing UserManager for Failed Attempts 4m
- Account Locking Considerations and Device Cookies 3m
- Credential Stuffing and Password Spray Attacks 2m
- Unvalidated Redirects 1m
- Demo: Unvalidated Redirects 5m
- Demo: Request Logging with Serilog 3m
- Session Hijacking 2m
- Summary and What's Next 2m
- Introduction 1m
- Authentication vs. Authorization 1m
- Demo: Requiring Authenticated Users 4m
- Demo: Using a Base Class for Authorization in ASP.NET WebForms 2m
- Claims and Roles as Key Authorization Ingredients 2m
- Demo: IUserClaimStore, Role-based Authorization, and Using Claims 6m
- Demo: Claims-based Authorization Policies 2m
- Authorization Requirements Vary 1m
- Demo: Rights-based Authorization 7m
- Demo: Requiring an MFA Challenge 5m
- Summary and Send-off 1m