A Practical Look at Security and Identity in ASP.NET Core and Entity Framework Core

Explore a practical approach to implementing complex security and identity features in ASP.NET Core and Entity Framework Core. Delve into the journey of building a large-scale, multi-tenant web application with intricate user permission rules. Learn how to design and implement both feature-level and data-level authorization, overcoming the limitations of traditional roles-based systems. Discover techniques for controlling access to Web APIs, pages, and specific data sets. Gain insights into creating a custom Role ToPermissions entity class, implementing data-level authorization for personal information, and integrating these security measures within a DbContext. Acquire valuable knowledge on enhancing application security and managing user permissions effectively in ASP.NET Core projects.

Intro
Super-quick intro to ASP.NET Core identity
The limitations of the current roles-based system
Replacement of Roles-based system - overview
The Role ToPermissions entity class
Data level authorization
Data authorization example: personal data
Data authorization implementation: DbContext
The end (useful links)