Why take this course?

Authentication and Authorization are one of the most important parts of modern web app and web APIs development. ASP.NET Core Identity provides a complete solution to achieve this purpose. It seems with a few clicks, a developer can scaffold a solution. However, in order to adapt the scaffolded solution to your particular project requirements, you will need a complete understanding of how ASP.NET Core Identity works inside out.


With 5 sections and about 7 hours of high quality content, 

You will learn the following topics in depth:

  1. Section #1: Authentication and Authorization UNDER the HOOD.

You will start with securing your web app without using ASP.NET Identity, so that you know what is under the hood. This builds a strong foundation for you.

  1. Section #2: Securing Web APIs

Same idea with the previous section, but here we are securing Web APIs.

  1. Section #3: ASP.NET Core Identity In Depth

Now we are getting into ASP.NET Core Identity. Here you will not only learn how to code with ASP.NET Core Identity, but you will learn all the reasons behind the working of Identity with the knowledge you have just learned in the previous sections.

  1. Section #4: MFA in ASP.NET Identity

MFA is a must when you work with a public facing website. Hence, this section is very important. After the in-depth explanation of the concept, you will start with a simpler Email MFA scenario, then moving on to the Authenticator App MFA case.

  1. Section #5: External Authentication Providers

Lots of applications (public facing or not) want to use external social media to manage the user login, so that the applications can focus on the business logic. This section takes Facebook Login as an example and walks you through the steps of using an external authentication provider.


You will master the following technical skills:

  • What are Identities, Claims, and Principal (Security Context).

  • Cookie Authentication for Web App.

  • Authentication and Authorization handlers

  • Policy based Authorization

  • Create Custom Policies

  • JWT Token Authentication for Web APIs / REST APIs.

  • ASP.NET Core Identity Configuration

  • Use Identity to implement all typical scenarios including: User Registration, User Login, Logout, Email confirmation, Roles vs Claims and User Profile page.

  • MFA with Email.

  • MFA with Authentication App.

  • Social Media login with Facebook.


What you will need:

  • Intermediate Level of C# or at least 6 months of experience.

  • Intermediate Level of ASP.NET Core or at least 6 months of experience.

  • Basic HTML.

  • You should know OOP and the concept of interface in C#.

  • You are interested in learning this topic.

  • You are eager to learn.


Who this course is for:

  • ASP .NET Core Developers

  • API Developers

  • Mobile Application Developers

  • C# or VB NET Developers


Last but Not least:

Enjoy this course and don't forget to check out my other courses:

  • Complete guide to Web API course

  • ASP.NET Core Blazor course

  • Clean Architecture course

Course curriculum

    1. 1. Security Overview

    2. 2. Authentication and Authorization Flow

    3. 3. ASP.NET Core Basics

    4. 4. Security Context in ASP.NET Core

    5. 5. Anonymous Identity

    6. 6. Create a Login Page with Razor Pages

    7. 7. Generate Cookie with Cookie Authentication Handler

    8. 8. Authenticaiton Middle and Authentication Scheme

    9. 9. Authorization Architecture _ Flow

    10. 10. Simple Policy based Authorization

    11. 11. Login _ Logout Partial View

    12. 12. Custom Policy based Authorization

    13. 13. Cookie Lifespan _ Browser Session

    1. 14. Cookie vs Token and our Use Case

    2. 15. Create and Consume a Web API Endpoint

    3. 16. What is JWT

    4. 17. The typical token flow

    5. 18. Generate JWT Token with JWT Token Handler

    6. 19. Read JWT Token with Authentication Middleware and Hanlder

    7. 20. Consume the Endpoint protected by the JWT Token

    8. 21. Store and Reuse Token in the Session

    9. 22. Apply Policy to Web API Endpoint

    1. 23. Essential Parts

    2. 24. Install Nuget Packages for working with Identity

    3. 25. Create the Database for Identity

    4. 26. Configure Web App to Use Identity

    5. 27. Core Classes in Identity

    6. 28. User registration flow

    7. 29. User Registration

    8. 30. User Login

    9. 31. Email Confirmation Flow

    10. 32. Email Confirmation Dry Run

    11. 33. Confirm Email Page

    12. 34. send confirmation email

    13. 35. Refactor the Email Sending Code

    14. 36. SignOut

    15. 36. Collecting More User Info with IdentityUser schema change

    16. 37. Collecting More User Info with Claims

    17. 38. Roles vs Claims

    18. 39. Create a User Profile page

    1. 40. What is MFA

    2. 41. How 2FA works through email

    3. 42. Implement 2FA with Email

    4. 43. How 2FA with Authenticator App works

    5. 44. Implement Authenticator MFA Setup (Manual)

    6. 48. Implement Authenticator MFA Code Checking

    7. 49. Use QR Code for MFA setup

    1. 50. Login with Social Media Overview

    2. 51. Setup App Account in Facebook

    3. 53. Delegate Login to Facebook

    4. 54. Implement Callback Controller

    1. Thank you & Next steps

About this course

  • $169.00
  • 106 lessons
  • 14 hours of video content

One-time Payment

Buy this course and own it for a lifetime.

ALL-ACCESS Subscription

Access all my courses with one low monthly price.

ALL-ACCESS Subscription

Access all my courses with a low yearly price. That's 30% Off comparing with the monthly plan.