So while the benefits of using Single Sign On are obvious and there many articles about it, it way less discussed topic is Single Sign Out – the process of signing out the user from all web application which use the same IdP.

This article shows two possible ways of getting user claims in an ASP.NET Core application which uses an IdentityServer4 service. Both ways have advantages and require setting different code configurations in both applications.

This is walk through for an ASP.NET Core Authorization Lab, now updated for ASP.NET Core 2.1 and VS2017.

So you’ve built a web API and everything seems to be working fine. But Wait! Anyone can access your API, hit the correct url and boom your API is connected to. Though that might be heroic of you, but it shouldn’t be… I mean after all the bugs and stackoverflow.

This article shows how FIDO2 WebAuthn could be used for a passwordless sign in integrated into an ASP.NET Core Identity application. The FIDO2 WebAuthn is implemented using the fido2-net-lib Nuget package, and demo code created by Anders Åberg. The application is implemented using ASP.NET Core 3.0 with Identity. For information about FIDO2 and WebAuthn, please refer to the links at the bottom.

Authorization refers to limiting the access of the system to the user according to their roles. There are different roles in an organization and we can provide access to the resources according to their position or role in the organization. There are various technique for Authorization and authentication like JWT Authentication, Windows Authentication, Cookies Authentication, etc. So, we will be learning cookie based authentication and authorization with encrypt password using Guid data type key

The aim of this post is to teach you how to implement Identity Authentication & Authorization with ASP.NET Core 3. We will begin with a cookie-cutter Microsoft starter project, and then modify it to use Kendo in a future post.

You might have noticed the recent public discussions around how to securely build SPAs – and especially about the “weak security properties” of the OAuth 2.0 Implicit Flow.

Being able to sign in with an external login provider (for example Google or Facebook) is a good way to simplify the process of getting new users to your website.

An application running within the context of the browser (e.g. a React or Angular Single Page Application (SPA)) that wants to access an API on behalf of a user. This authenticated API call will be made directly from the user’s browser, and only our application should be able to call it on behalf of our authenticated user (i.e. we’re not vulnerable to Cross-Site Request Forgery (CSRF/XSRF).