Securing Microservices in ASP.NET Core
This course will teach you how to secure your ASP.NET Core microservices using a variety of best practice patterns for authentication and authorization.
What you'll learn
Authentication and authorization are two very important aspects of a secure microservices architecture. In this course, Securing Microservices in ASP.NET Core, you'll learn how to secure your microservices using a variety of best practice techniques for authentication and authorization. You'll learn how to work with an identity microservice, how to apply security with and without an API gateway, and how to improve upon the default security approach to reach a best-of-class implementation. By the end of this course you'll be comfortable implementing best-practice security techniques in microservices architectures.
Table of contents
- Coming Up 1m
- Course Prerequisites 1m
- Frameworks and Tooling 1m
- Inspecting the GloboTicket Demo Application 3m
- Demo - Getting Started with the Globoticket Demo Application 3m
- Token-based Security for Microservices 7m
- Demo - Inspecting an Identity Service 6m
- Accessing a Microservice on Behalf of the Client Application 2m
- Demo - Blocking Access to a Microservice 4m
- Demo - Accessing a Microservice on Behalf of the Client Application 9m
- Using the Identity Microservice to Log In 2m
- Demo - Using the Identity Microservice to Log In 12m
- Demo - Logging Out 3m
- Accessing a Microservice on Behalf of the User 1m
- Demo - Accessing a Microservice on Behalf of the User 6m
- Summary 2m
- Coming Up 1m
- The Problems with “One Token to Rule Them All” 3m
- Demo - Tightening Access with One Audience per Microservice 5m
- Comparing Security Scenarios 3m
- Authorization with Scopes Inside of a Microservice 1m
- Demo - Authorization with Scopes Inside of a Microservice 5m
- Downstream Service to Service Communication on Behalf of the Client 2m
- Supporting Token Exchange 3m
- Demo - Adding Support for the Token Exchange Grant 6m
- Demo - Service to Service Communication on Behalf of the User 7m
- Further Improvements 2m
- Summary 1m
- Coming Up 1m
- Exploring the API Gateway 2m
- A Common API Gateway Security Pattern 2m
- Introducing Ocelot 3m
- Demo - Adding Ocelot 7m
- Demo - Integrating Ocelot with Our Identity Service 6m
- Passing User Information to a Microservice 2m
- Demo - Passing User Information to a Microservice 6m
- The Backend-for-frontend Pattern 2m
- Summary 2m
- Coming Up 0m
- Improving the API Gateway Pattern (Part 1) 4m
- Demo - Making Microservices Responsible for Validating Incoming Tokens 5m
- Demo - Configuring the Gateway for Scope-based Microservice Access Authorization 8m
- Improving the API Gateway Pattern (Part 2) 2m
- Demo - Making the Gateway Responsible for Exchanging Tokens 11m
- Summary 1m
About the author
Kevin Dockx is a freelance solution architect, author & consultant, living in Antwerp (Belgium). He's mainly focused on solution/application architectures & security for web-based (API) applications built with .NET, but he also keeps an eye out for new developments concerning other products from the .NET stack. He's a Microsoft MVP and board member of the RD MS Community. He's also a regular speaker at various (inter)national conferences & user group events, and works on various open source pro... more