Getting Started: Authentication and Authorization in .NET

Learn how to get started with authentication and authorization in .NET

About This Course

Authentication and authorization are two of the most misunderstood topics in .NET, and getting them wrong is one of the fastest ways to introduce a serious security issue into your application. This course is a deep dive into how authentication and authorization actually work in ASP.NET Core, built up from first principles. You'll start with the fundamentals, like the User object, ClaimsPrincipal, and the request pipeline, before moving into the authentication middleware and each of its core operations: Challenge, SignIn, Authenticate, SignOut, and Forbid. From there, we'll go under the hood to explore schemes, authentication tickets, and data protection. There's a full module dedicated to the cookie handler, including event handlers and everything you need to know about cookie and ticket lifetimes. Finally, you'll master authorization, from simple and role-based approaches all the way to policy-based and resource-based authorization, custom requirements and handlers, authorization filters, and view-based scenarios.

Course Curriculum

12h 8m 11 sections

Welcome

02:33 Free preview

What will you learn in this course?

03:03 Free preview

Who is the course for and prerequisites

02:53 Free preview

Course Material

02:25

Installing Fiddler

08:23

Fiddler and HTTPS

10:21

Exploring the starter project

06:49

Section Recap

00:57

The User Object

12:28

Creating a ClaimsPrincipal

16:28

The Request Pipeline

19:08

Section Recap

02:13

Introduction

14:37

Authentication Operations

06:14

Challenge

14:54

SignIn

08:59

Authenticate

22:11

SignOut

09:41

Forbid

08:32

Section Recap

01:25

Schemes

17:41

Authentication Properties.mp4

12:46

Authentication Ticket

17:36

Data Protection

08:54

Section Recap

02:56

Introduction

09:00

Challenge

13:39

SignIn

24:01

Authenticate

06:48

SignOut

19:59

Forbid

10:48

Section Recap

00:52

Session Cookies

04:44

Persistent Cookies

07:56

Persistent Cookies Using Max Age

08:10

Ticket lifetime

08:52

Ticket Renewal

21:12

Choosing Cookie and Ticket Lifetime

18:47

Section Recap

01:58

Challenge Events

17:14

SignIn Events

17:43

Authenticate Events

24:30

SignOut Events

12:55

Forbid Events

15:11

Section Recap

02:28

Introduction

12:11

Authorization in ASP.NET Core

05:36

Simple Authorization

10:11

Role-Based Auth

18:39

Policy-Based Auth

26:05

Broken Access Control

21:06

Section Recap

01:03

Requirements and Handlers

34:52

Resource-based Authorization

26:13

The MVC filter pipeline

18:43

Authorization Filters

20:48

Custom Authorization Attributes

10:37

DefaultPolicy and FallbackPolicy

19:55

View-based authorization

14:37

Section Recap

02:13

Conclusion and next steps

03:47

Course Details

Level Getting Started

Duration

$299.99

Lifetime access

Go Pro for Full Access

Get unlimited access to all Dometrain courses with a Pro subscription

Learn more about Dometrain Pro

Meet Your Instructor

Tore Nestenius

Tore Nestenius

Tore is a Microsoft MVP in .NET, a senior software architect, and an independent consultant and trainer based in Helsingborg, Sweden. He has over 25 years of experience in professional software development, specializing in ASP.NET Core, web security, OpenID Connect, identity architecture, and Azure. He trains and consults for development teams across Europe and regularly shares his knowledge through his .NET blog. His love for technology goes way back: from a Commodore VIC-20 in 1981 to reverse-engineering a Sega Mega Drive and building his own hardware dev kit as a teenager.

View all courses by Tore Nestenius

© 2026 Dometrain. All rights reserved.