ASP.NET Core Security with Roland Guijt
How does security work in ASP.NET Core? Carl and Richard talk to Roland Guijt about the security features of ASP.NET Core - many of which are the same as the original .NET, but there are some significant changes! The conversation starts out dealing with the idea that retrofitting security at the end of a project is fraught with perils that ultimately endanger your application and users. It's worth taking some time to figure out how security is going to be part of your app from the beginning. Roland talks about what makes sense to build directly into your ASP.NET Core app and what can be externalized with tools like Identity Server. And there are claims - lots of claims!
Guests:
Roland Guijt
Almost 5 decades ago a boy called Roland was born in a house overlooking a dyke with the North Sea in the background. The house was in a small village in The Netherlands that used to be a fishing village. He started his never ending path of learning in a 400 year old school across the street.
Some years later he was introduced to the wonderful world of computing by his math teacher who showed him an Apple II. It loaded programs using cassette tapes at the time but soon the tape drive was exchanged for a floppy drive. Roland was the first student who had the privilege to try it out and the first thing he did was stick the floppy in upside down. No matter how hard he tried, he couldn't get the floppy out of the $1000 brand new drive. The teacher wasn't happy but the problem was resolved by taking apart the drive which released the punctured floppy.
The resulting mild trauma didn't stop the boy from taking a job at the local supermarket so he could buy his very first computer: the ZX81. He programmed games with the Basic language but the build-in 1K proved too small quickly, so he had to double it. Many computers and programming languages followed and the passion for coding was there to stay.
Roland loves to share this passion as much as he can. He is specialized in Microsoft technology now doing consulting work in his own company. He also is a Microsoft Certified Trainer doing class room Microsoft trainings as well as his self-developed workshops. Many conferences around the world gave him the opportunity to share the knowledge and the creative process involved in developing courses for Pluralsight is something he enjoys. His most recent courses are on TypeScript and ASP.NET Core and he's working on one about ASP.NET Core security right now. He is very happy that Microsoft recognizes his efforts by awarding him with the MVP award.
Links:
- ChatBot Article https://www.smashingmagazine.com/2016/11/does-conversation-hurt-or-help-the-chatbot-ux/
- ASP.NET Core Security https://docs.microsoft.com/en-us/aspnet/core/security/
- ASP.NET Core Data Protection https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/
- Identity Server https://identityserver.io/
- Windows Data Protection https://msdn.microsoft.com/en-us/library/ms995355.aspx
- Safe Storage of Secrets https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets