Security in ASP.NET Core 2.1

Explore security enhancements in ASP.NET Core 2.1 through this comprehensive conference talk. Delve into topics such as Kestrel security, HTTPS by default, certificate configuration, SNI certification selection, and HSTS caveats. Learn about authentication options in ASP.NET Core template support, including individual user accounts and local database integration. Discover changes in ASP.NET Core 2.0 authentication, cookie middleware configuration, and API authentication. Gain insights into data protection, purpose strings, and key store implementation. Examine authorization goals, policies, requirements, and handlers, as well as resource-based authorization and identity features. Understand how these security improvements support both new and legacy scenarios in ASP.NET Core 2.1.

Intro
Kestrel security HTTPS by default
Certificate Config
SNI certification selection
Kestrel Security Configuration
HSTS caveats
Authentication Options in ASPNET Core Template Support
Individual User Accounts v2.1 Local Database
Template Authentication Individual User Accounts
ASPNET Core Authentication No more custom identity classes
ASPNET Core 20 Changes Authentication is now a single service
Do it yourself Cookie Authentication
Configuring cookie middleware
Implementing a validator
Authentication forwarding
Virtual Schemes
API Authentication The missing link
Data Protection One stop shop for encryption
Using Data Protection
Purpose Strings Their purpose
Configuring Data Protection Configuration Points
Implementing a key store IXmlRepository
Authorization Goal
Policies, Requirements & Handlers
Imperative Checks Evaluate your policies in code
Things to remember Register your handlers in DI
Resource Based Authorization Acting on a resource or model
Resource Authorization Handlers
Identity Features Packaged Uls