Simplified ASP.NET and MVC 6 Security Templates

As mentioned before – the ASP.NET templates never really tried to make to you help  understand the security features.  Instead they crammed ever single feature into a single “sample app” making it really hard to figure out who does what (ASP.NET identity vs middleware vs external authentication vs cookie etc).

This created a lot of confusion – and whenever we taught Katana or ASP.NET 5 security, people had this “wow” effect when theyfinally  see the bits and pieces untangled.

That’s why I published my alternative templates that focus on a single security feature at a time on github (work in progress – feel free to send me PRs)

Cookie-based Authentication

External Authentication (e.g. Google)

External Authentication showing the callback technique to run custom logic between external sign-in and local sign-in


This entry was posted in .NET Security, ASP.NET. Bookmark the permalink.

6 Responses to Simplified ASP.NET and MVC 6 Security Templates

  1. Carlos says:

    Thanks for the examples!

    In the external oauth (callback) example. Why is the 2nd cookie middleware needed? What would happen in you just used the one, and in your callback called AuthenticateAsync() on it, did what was needed, called SignOutAsync, and finally SignInAsync with the new/modified ClaimsPrincipal.

    I assume this wouldn’t work based on your example but I don’t know why. Could you please explain the problem with that?

  2. Haris says:

    All 3 links are broken.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s