Identity & Access Control for modern Applications and APIs

09:00 - 17:00

Modern application design has changed quite a bit in recent years. “Mobile-first” and “cloud-ready” are the types of applications you are expected to develop. Also, to keep pace with these demands, Microsoft has revamped their complete web stack with ASP.NET Core to meet these architectural demands.

Needless to say, you also have to secure these apps. Multi-platform, multi-client, and highly-mobile users bring a new set of  challenges, so the approaches of the past are no longer appropriate for modern applications. This one day workshop is your chance to get an overview of all things security related to these new technologies. Learn how to securely connect native and browser-based applications to your back-ends and integrate them with your identity management systems as well as social identity providers and services.

Workshop agenda:

  • Identity & Access Control in .NET Core
  • ASP.NET Core Security Framework
  • Cookie-based Authentication
  • External Authentication (e.g. Google, Facebook, Twitter, etc.)
  • OAuth 2.0 & OpenID Connect
  • Authorization
  • Single Sign On/Single Sign Off
  • Claims Transformation
  • Federation
  • Securing APIs
  • Server to Server Communication
  • SPAs & mobile native Clients

Dominick Baier

Dominick Baier is an independent consultant specializing in identity & access control. He helps companies around the world designing & implementing authentication and authorization for their distributed web and native applications. He’s the co-author of the popular OpenID Connect & OAuth 2.0 framework called IdentityServer ( , has written a couple of books, blogs at and tweets as @leastprivilege.