Secure User Account and Authentication Practices in ASP.NET 3 and ASP.NET Core 3

Focused View

Erik Dahl

2:15:32

23 View

01. Course Overview

01. Course Overview.mp4

01:38

02. Implementing Secure Authentication

02. Introduction.mp4

02:44

03. Authentication Features and Approach.mp4

02:30

04. Demo- Solution Overview and Database Setup.mp4

04:56

05. Demo- Use ASP.NET Core Identity with an Existing Database.mp4

05:54

06. Demo- Custom Password Hashers.mp4

05:40

07. ASP.NET Framework Identity.mp4

01:51

08. Password Considerations.mp4

02:14

09. Demo- Registration Password Policies and Security Stamps.mp4

07:52

10. Demo- IPasswordValidator and Pwned Passwords.mp4

04:26

11. Summary.mp4

01:08

03. Improving Authentication Security

12. Introduction.mp4

01:35

13. Email Verification and Password Reset Considerations.mp4

03:23

14. Demo- Email Verification for Registration and Login.mp4

07:02

15. Demo- Password Reset.mp4

01:31

16. Two-factor Authentication Considerations.mp4

03:13

17. Demo- Two-factor Authentication with Authenticator Apps.mp4

09:32

18. Authenticator Apps in ASP.NET Framework Projects.mp4

01:38

19. Summary and Whats Next.mp4

01:03

04. Additional Defense Against Authentication Attacks

20. Introduction.mp4

02:07

21. Demo- Account Locking.mp4

07:24

22. Demo- Customizing UserManager for Failed Attempts.mp4

03:30

23. Account Locking Considerations and Device Cookies.mp4

02:31

24. Credential Stuffing and Password Spray Attacks.mp4

02:22

25. Unvalidated Redirects.mp4

01:27

26. Demo- Unvalidated Redirects.mp4

04:37

27. Demo- Request Logging with Serilog.mp4

03:02

28. Session Hijacking.mp4

02:20

29. Summary and Whats Next.mp4

01:33

05. Implementing Secure Authorization

30. Introduction.mp4

01:28

31. Authentication vs. Authorization.mp4

01:22

32. Demo- Requiring Authenticated Users.mp4

04:22

33. Demo- Using a Base Class for Authorization in ASP.NET WebForms.mp4

01:42

34. Claims and Roles as Key Authorization Ingredients.mp4

02:08

35. Demo- IUserClaimStore Role-based Authorization and Using Claims.mp4

06:25

36. Demo- Claims-based Authorization Policies.mp4

02:18

37. Authorization Requirements Vary.mp4

00:59

38. Demo- Rights-based Authorization.mp4

07:26

39. Demo- Requiring an MFA Challenge.mp4

05:16

40. Summary and Send-off.mp4

01:23

Description

This course will teach you how to add secure authentication practices to your ASP.NET websites, including proper establishing and storing of passwords, multi-factor authentication, password recovery, and proper authorization techniques..

What You'll Learn?

Getting authentication and authorization done right in your website can help keep your users and their data safe from attacks. While perfect security is arguably impossible to achieve, you’re going to see a wide variety of techniques to help you keep your site secure. In this course, Secure User Account and Authentication Practices in ASP.NET and ASP.NET Core, you’ll learn to create secure websites that use recommended practices around user account management and authentication and authorization. First, you’ll explore how to properly implement a user authentication and registration process - including password policies and password recovery. Next, you’ll discover how to add additional security through multi-factor authentication and the prevention of some common authentication-related attacks. Finally, you’ll learn how to add authorization to your website to prevent authenticated users from seeing or doing things that they should not be able to. When you’re finished with this course, you’ll have the skills and knowledge of secure authentication and user account practices needed to create websites that you and your customers can be confident in.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

ASP.NET Core

Information Security

Erik Dahl

Instructor's Courses

Erik Dahl has been developing software and architecture for 20+ years, mostly doing in-house development for his employers. His recent work has included a multi-tenant B2B implementation and self-registration B2C implementation for IdentityServer3, upgrading legacy ASP.NET websites from server-side technologies to a client/server mix and adopting TypeScript, building Web APIs as the back end for mobile and web applications, and laying the foundation for a Xamarin Forms mobile application using the Prism library. Erik currently works at RealPage as a Principal Architect, building and architecting solutions for their Utility Management products.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.