Securing ASP.NET Core with OAuth2 and OpenID Connect
Authorization code flow with PKCE, claims, refresh tokens, ASP.NET Core Identity, federation and MFA.
Demo application: ImageGallery (MVC client + API + Marvin.IDP with Duende IdentityServer)
Duende IdentityServer is the open-source library used to build the identity provider (IDP) Marvin.IDP. It implements OAuth2 and OpenID Connect.
Historical problem: traditional applications managed authentication themselves → password in each app, no SSO.
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
21 sections- 1 Table of Contents
- 2 Overview and Architecture
- 3 Secure Architectures and History
- 4 OpenID Connect — Introduction and Flows
- 5 Authorization Code Flow + PKCE
- 6 Claims Transformation
- 7 OAuth2 — Client-Side Authorization
- 8 Securing the API
- 9 Authorization Policies — RBAC vs ABAC
- 10 Token Expiration, Refresh Tokens, Reference Tokens
- 11 BFF Pattern for JavaScript Clients
- 12 User Database — Local Configuration
- 13 ASP.NET Core Identity — Integration
- 14 Federation — Active Directory, Entra ID, Facebook
- 15 Federated Identity and User Provisioning
- 16 MFA with TOTP (Authenticator Apps)
- 17 Advanced ASP.NET Core Identity
- 18 Deploying to Production
- 19 Complete Config.cs — Production Configuration
- 20 Security Best Practices
- 21 Glossary
More Authentication & Security courses
View all 5Authentication and Authorization in ASP.NET Core
ASP.NET Core Identity, OpenID Connect, the BFF pattern, JWT, policies and data protection.
Securing ASP.NET Core 10 with OAuth2 and OpenID Connect
OAuth2/OIDC with Duende IdentityServer — claims, API security, token revocation and the BFF pattern.
Authentication and Authorization in ASP.NET Core 10 Blazor
Secure a Blazor Web App with Identity, render-mode-aware auth state, Entra ID and policies.
Authentication and Authorization in ASP.NET Core Blazor
Blazor render modes and security, Identity UI, AuthenticationStateProvider, Entra ID and RBAC vs ABAC.
Interested in this course?
Contact us to book it or get a custom training plan for your team.