VSLive Austin 2016: ASP.NET MVC / Core Security Slides & Code

I spoke at VSLive Austin 2016 last week.  As promised, here are the slides & code samples from my ASP.NET MVC / ASP.NET Core Security Authorization Talk.


Role-Based Security Stinks: How to Implement Better Authorization in ASP.NET & WebAPI

In .NET, if your user permissions are simple, you’re in luck. Access the IPrincipal for the current user, call IsInRole(), and you’re done in about 3 lines of code. It works great…until it doesn’t and then you’re hosed.
When your application’s user permissions model starts getting complicated, you’ll instantly run into problems with .NET’s role-based security. The good thing is that it’s not that hard to write your own custom authorization system.

In this session, we’ll start by discussing what role-based security is all about and what its limits are in a typical ASP.NET or WebAPI application. From there, we’ll start going “off road” to talk about how to design, build, and test custom authorization schemes that handle more complex authorization scenarios. Along the way, we’ll talk about how to handle tricky details like user administration, creating arbitrary logical groupings of items & users, load testing your security code, and (most importantly) how to make all this code maintainable in the long term.

ASP.NET MVC Code Samples
ASP.NET Core Code Samples


