ASP.NET Core Identity Deep Dive

ASP.NET Core Identity brings identity and user management to the ASP.NET Core web framework. This course will get you started with the library and create modern user management and storage with a standout user experience.
Course info
Rating
(64)
Level
Intermediate
Updated
Mar 9, 2018
Duration
2h 31m
Table of contents
Course Overview
Identity: What You Need to Know and What You Need to Avoid
Implementing the Nuts and Bolts of ASP.NET Core Identity
Implementing and Extending the Entity Framework Default Schema
Implementing Secure User Management
Protection in the Case of a Breach: Password Hashing and Revocation
Taking Security Further with True Multi-factor Authentication
Dealing with External Accounts
Description
Course info
Rating
(64)
Level
Intermediate
Updated
Mar 9, 2018
Duration
2h 31m
Description

ASP.NET Core Identity brings identity and user management to the ASP.NET Core web framework. This robust library is commonly used to back authentication systems and to provide supporting functionality such as password reset and user registration. In ASP.NET Core Identity Deep Dive, you will learn how the ASP.NET Core Identity library ticks. First, you will take a deep dive into the internals of the library. Next, you will explore its various extensibility points. Finally, you will discover not only how to extend it, but also when to actually do so. When you are finished with this course, you will be able to avoid many of the pitfalls that come with mismanagement of the library that would otherwise cause you issues once you start to grow/scale your applications and build upon it for future releases.

About the author
About the author

Scott Brady is a software developer specializing in identity and access management. Focusing on ASP.NET, Scott has increasingly found himself in undocumented territory, piecing together the facts and attempting to pass them on so that others don't have to go through the same.

More from the author
Getting Started with OAuth 2.0
Intermediate
1h 43m
Sep 14, 2018
ASP.NET Identity 2 Fundamentals
Intermediate
2h 28m
Apr 13, 2017
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Scott Brady, and welcome to my course, ASP. NET Core Identity Deep Dive. I am the Identity and Access Control Lead at Rock Solid Knowledge. In this course, we're going to look at the ASP. NET Core Identity library, the newest identity management library for ASP. NET Core. Some of the major topics that we will cover include user registration and authentication, password reset and account confirmation, and implementing true two-factor authentication using authenticated devices. By the end of this course, you'll know how to implement standout identity management functionality through ASP. NET Core websites. I hope you'll join me on this journey to learn ASP. NET Core Identity, with the ASP. NET Core Identity Deep Dive course, at Pluralsight.

Identity: What You Need to Know and What You Need to Avoid
Hi, my name is Scott Brady, and welcome to this opening module of ASP. NET Core Identity Deep Dive. This module is all about identity itself including both what you need to know about identity to get started with this course, but also what you need to avoid. So let's see our module overview. In this module, we're going to look at the high-level basics of ASP. NET Core Identity. So what is it and why you need such a library. We'll then take a look at what actually counts as identity data and why it's a good idea to give this special treatment. And finally, we'll take a look at how to avoid some common mistakes when dealing with this library, its data, and its functionality.

Implementing the Nuts and Bolts of ASP.NET Core Identity
This time we're going to be looking at how to implement the nuts and bolts of ASP. NET Core Identity. So by nuts and bolts, I mean we're going to look at the core structure and architecture of the underlying library itself and how everything fits together. For code, we're going to primarily look at the main part of the library itself that you pretty much always have to get involved with and implement yourself in some way, and that's the UserStore. And then finally for our demo, we're going to look at how to add the barebones of the library to an ASP. NET Core MVC website. We'll be using the smallest amount of the library as possible, taking a close look at what is actually happening under the covers. So let's make a start.

Implementing and Extending the Entity Framework Default Schema
Hi, my name is Scott Brady, and welcome to Implementing and Extending the Entity Framework Default Schema module of ASP. NET Core Identity Deep Dive. In this module, we'll be looking at how we can simplify implementations by using the default user schema provided by ASP. NET Core Identity, allowing us to easily take advantage of the full feature set of the library without having to design the entities ourselves. We'll then look at how we can skip the need to implement our own database access logic by using the pre-canned UserStore that uses Entity Framework to do the heavy lifting for us. And then finally, we'll look at how to extend the default user schema including when you should actually do so, because it's not always the best decision.

Implementing Secure User Management
Hi, my name is Scott Brady, and welcome to the Implementing Secure User Management Module of ASP. NET Core Identity Deep Dive. In this module, we're going to take a look at how we can simplify some of the authentication logic we've been using in our demos by taking advantage of the ASP. NET Core specifics of the Identity library. We'll then look at how we can implement password reset functionality in a way that is useful and not frustrating to the user. We'll also look at how to implement email confirmation logic, and discuss why we might need this functionality from a security perspective and not just for user contact. And throughout all of this, we'll be taking a close look at how the token providers within ASP. NET Core Identity actually work, and enable all of this functionality.

Protection in the Case of a Breach: Password Hashing and Revocation
Hi, my name is Scott Brady, and welcome to Protection in the Case of a Breach: Password Hashing and Revocation. In this module, we're going to be looking at what we can do to protect passwords stored in our UserStore, including why we need to protect them, why this will save our bacon when we get hacked, and what ASP. NET Core Identity can provide us. We'll then look at how we can encourage users to choose strong passwords because our system is only as secure as the user makes it. And finally, we'll look at how we can easily protect ourselves against one of the most common attacks, which are brute-force attacks, where an attacker repeatedly guesses credentials in an attempt to break into a user's account, often with credentials from another breached system.

Taking Security Further with True Multi-factor Authentication
Hi, my name is Scott Brady, and welcome to the Taking Security Further with True Multi-Factor Authentication module of ASP. NET Core identity Deep Dive. In this module, we'll be focusing on taking authentication a step further. First we'll look at multi-step verification where we challenge the for multiple credentials of the same type with the view that two credentials are better than one. Then we'll take a look at how to do this properly with multi-factor authentication where we challenge for multiple verifiable pieces of information that go beyond just something the user knows.

Dealing with External Accounts
Hi, my name is Scott Brady, and welcome to the Dealing with External Accounts module of ASP. NET Core Identity Deep Dive. In this module, we'll be focusing solely on how to handle external identity providers and identity data using ASP. NET Core Identity, including user flows for linking and provisioning local accounts based on that external identity.