Identity & Access Control for modern Web Applications and API

Course provider: Programutvikling AS
Location: Scandic Nidelven
          Sør-Trøndelag, Trondheim
Course address: Havnegata 1 - 4, 7010 Trondheim
Type: Open course / group instruction
Teaching hours: 09:00 - 17:00
Duration: 2 days
Price: 9 900

Modern application design has changed quite a bit in recent years. "Mobile-first" and "cloud-ready" are the types of applications you are expected to develop.

To keep pace with these demands, Microsoft has revamped its web stack with OWIN, Katana, and the soon-to-be-released ASP.NET 5.

Needless to say, you also have to secure these apps. Multi-platform, multi-client, and highly mobile users bring a new set of challenges, so the approaches of the past are no longer appropriate for modern applications. This two-day workshop is your chance to dive into all things security related to these new technologies. Learn how to securely connect native and browser-based applications to your back-ends and integrate them with enterprise identity management systems as well as social identity providers and services.

Tags: WS-Federation, SAML, OAuth 2.0, OpenID Connect, OWIN, Katana, ASP.NET 5, JSON Web Tokens, Single Sign-on and off, Federation, Delegation, Home Realm Discovery, CORS.

Day 1: Web Applications
• Authentication & Authorization on .NET 4.5 and beyond
• Introduction to OWIN and the Katana Project
• Middleware-based Security Framework
• Cookie-based Authentication
• Enterprise Authentication with WS-Federation

• Social Logins (e.g. Google, Facebook, Twitter, etc.)
• OpenID Connect
• Web Application Patterns
• Single Sign On / Single Sign Off
• Claims Transformation

• Claims-based Authorization
• Federation Gateway
• Account & Identity Linking
• Delegation
• Home Realm Discovery

Day 2: Web APIs
• ASP.NET Web API Security
• Architecture
• Authentication & Authorization
• Katana Integration
• Web API Patterns
• Token-based Authentication
• Delegated Authorization

• OAuth 2.0
• Clients
• Scopes
• Flows
• OAuth 2.0 Bearer Token Middleware
• Federation

• OpenID Connect & OAuth 2.0 combined
• The future of web application security in ASP.NET 5 and MVC 6
• Claims, ClaimsPrincipal and Integration into ASP.NET 5 & MVC 6
• What's new & different in Authentication Middleware
• Claims Transformation
• The new Authorization Framework