Implementing Authorization in Web Applications and APIs

Explore the complexities of implementing authorization in web applications and APIs through this comprehensive conference talk. Learn why authentication is the easier part while authorization presents more challenges. Discover various approaches and potential pitfalls in authorization implementation, using the ASP.NET Core authorization API as an example of a robust abstraction layer. Gain insights into topics such as authentication metadata, authorization providers, client libraries, claims transformation, and resource-based authorization. Understand the importance of tailoring authorization strategies to fit specific application needs, as there is no one-size-fits-all solution. Delve into practical demonstrations and code examples to enhance your understanding of implementing secure and efficient authorization systems in your web applications and APIs.

Introduction
Authorization is hard
Authentication first
Authentication metadata
What happens if this data becomes ambiguous
Why this is a bad idea
Two things
Authorization Provider
Prototype
Demo
Authentication
Client Library
Dr Role
Other authorization styles
Claims transformation
New Authorization API
New Authorization API Demo
Dependency Injection
Policy Providers
Custom Requirements
Resource Based Authorization