How to Secure Your ASP.NET Core Apps
The Right Way?

Building secure apps is complex. Between JWT tokens, authorization policies, identity providers, and OAuth flows, it's easy to make costly security mistakes that could expose your application and user data.

Your API endpoints are completely unsecured and anyone can access sensitive data
You're spending weeks building user registration and login features from scratch
You're overwhelmed by confusing security concepts and don't know where to start
It's time to get your security implementation right...

Master Enterprise-Grade Application Security

JWT Authentication
Authorization Policies
Keycloak Identity Provider
OAuth 2.0 & OpenID Connect
Asynchronous Programming

Secure APIs with JWT Authentication

  • Decode and Understand JWTs: Learn JWT structure and how to quickly generate and read token contents using built-in .NET tooling.
  • Configure JWT Validation: Set up ASP.NET Core to properly validate incoming tokens and protect your minimal API endpoints.
  • Access JWT Claims in Endpoints: Extract user information from validated tokens in your API endpoints.
Logging

ASP.NET Core Authorization

  • Master All Authorization Types: Learn role-based, claims-based, policy-based, and resource-based authorization techiques.
  • Build Flexible Authorization Policies: Create reusable policies that combine claims and roles for complex access rules.
  • Secure Individual Resources: Implement resource-based authorization to control access to specific data records.
Middleware

Docker Mini Course

  • Run Services Instantly: Run popular services and tools as containers, without complex local installations or configuration.
  • Master Essential Docker Commands: Use volumes, ports, and environment variables for real development workflows.
  • Use Docker Compose for Multi-Service Setups: Orchestrate multiple containers together for complete development environments.
Keycloak

Professional Identity Management with Keycloak

  • Easy Local Setup: Run Keycloak locally with just Docker - learn industry standard authorization techniques hands-on without cloud complexity.
  • Developer-Friendly Admin: Manage users, roles, and permissions through a simple web interface - no custom admin code needed.
  • Seamless ASP.NET Core Integration: Configure your API to validate Keycloak tokens and transform claims - production-ready identity integration made simple.
OIDC

OAuth 2.0 and OpenID Connect

  • Master the Authorization Code Flow: Understand the complete token exchange process with scopes, refresh tokens, and secure client configuration.
  • OAuth 2.0: Stop hardcoding authentication into every endpoint - delegate to a dedicated server that issues trusted tokens.
  • OpenID Connect: Get verified user identity (name, email, roles) seamlessly after OAuth login - standardized identity claims across any provider.

Two Frontend Stacks Included

Make your backend API shine by integrating it with the included Blazor and React frontends, so you can see how your API works in a real-world scenario.

alternative
alternative
Blazor

Static Server-Side Rendered (SSR) Application

React

Vite Single Page Application (SPA)

alternative
Two frontend stacks, same user experience
Start Watching

What You Get With Your Purchase

alternative
alternative
Signature Online Video Training

Professionally recorded high-quality video training that you can take at your own pace, anywhere and from any device.

Beautifully Illustrated Handouts

Includes all diagrams from every slide deck presented across the course, so you can reference them at any time.

Full Source Code

Full source code linked to every coding lesson so you can easily compare and troubleshoot.

Full English captions

In case you need them, English captions can be turned on quickly for any of the lessons.

certificate
Course Certificate

Get a certificate of completion when you finish the course to show off on your LinkedIn profile.

Course Curriculum

Welcome to the course! 5min
  • Course introduction
  • What this course covers
  • What you need to know first
  • Software prerequisites
Authentication in ASP.NET Core 47min
  • Why authentication?
  • What is token based authentication?
  • Understanding JSON Web Tokens
  • Creating JWTs
  • Decoding a JWT
  • Configuring JWT authentication
  • Sending requests with JWTs
  • Using JWT claims in ASP.NET Core
  • Disabling the default claims mapping
The Shopping Basket API 40min
  • Adding the Shopping Basket data model
  • Implementing the Upsert Basket feature
  • Testing the Upsert Basket feature
  • Implementing the Get Basket feature
Authorization in ASP.NET Core 1hr 7min
  • Why authorization?
  • Types of authorization in ASP.NET Core
  • Requiring authorization in API endpoints
  • Using role-based authorization
  • Using claims-based authorization
  • Using policy-based authorization
  • Refactoring the authorization policy
  • Configuring a fallback policy and anonymous access
  • Using resource-based authorization
Working with Docker 51min
  • Introduction to Docker
  • Downloading Docker images
  • Running Docker containers
  • Exposing ports
  • Entering a running container
  • Using volumes
  • Using environment variables
  • Introduction to Docker Compose
  • Using Docker compose
Working with Keycloak 25min
  • Introduction to Keycloak
  • Running Keycloak as a Docker container
  • Creating a realm
  • Creating users
  • Creating and assigning roles
  • Exporting the realm configuration
The OAuth 2.0 framework 51min
  • Introduction to OAuth 2.0
  • Understanding the Authorization Code Flow
  • Configuring a client in Keycloak
  • Requesting access tokens from Keycloak
  • Configuring scopes and audience in Keycloak
  • Using refresh tokens
  • Getting access tokens in Postman
Using Keycloak JWTs in ASP.NET Core 1hr 1min
  • Configuring a Keycloak authentication scheme
  • Receiving Keycloak JWTs in protected endpoints
  • Logging JWT events
  • Configuring the role claim in Keycloak
  • Implementing a claims transformer
  • Refactoring the authentication configuration
  • Using Keycloak's email claim
The OpenID Connect protocol 29min
  • Introduction to OpenID Connect
  • Requesting ID Tokens from Keycloak
  • Exploring the OIDC discovery endpoint
  • Exploring the UserInfo endpoint
  • Exploring the JSON Web Key Set
UI Integration 39min
  • Configuring the Blazor front-end
  • Running front-end and back-end together
  • The front-end OIDC configuration explained
  • Using the React front-end
ASP.NET Core Security

Course Includes

  • 10 Modules, 64 Lessons
  • 7 Hours of Video
  • Full source code
  • Illustrated handouts
  • Course Certificate
Start Watching

Who Is This Course For?

  • ASP.NET Core developers who know the basics but need to implement enterprise-grade authentication and authorization.
  • Backend developers building APIs who want to move beyond basic security to professional identity management patterns.
  • Full-stack developers who need to understand complete security flows from frontend login to backend authorization.

What Students Say About The Course

Unlock ASP.NET Core Security Today!

00
Days
00
Hours
00
Minutes
00
Seconds
ASP.NET Core Security
$ 179
Lifetime Access
$
$179OFF
Lifetime Access
START WATCHING
alternative
  • Signature online video training
  • Full source code
  • Full English captions
  • Beautifully illustrated handouts
  • Course certificates

Meet Your Instructor

alternative

My name is Julio Casal. I'm a passionate software engineer with a wealth of experience building all sorts of applications and systems based on the .NET platform.

Throughout my 10+ years working at Microsoft, I had the opportunity to work on real-world projects, building and refining backend services that handle millions of requests every month.

I believe reducing complex concepts into simple step by step instructions is incredibly valuable and helps to make coding accessible and fun for everyone.

Start your path to a high-paying job

alternative

FAQs

When does the course start and finish?

ASP.NET Core Security is a completely self-paced online course. You decide when you start and when you finish.

What version of .NET is used in this bootcamp?

This bootcamp uses .NET 8 since it has Long Term Support (LTS). It will not be updated to .NET 9, given it's a Standard Term Support (STS) release.

Do you offer a certification on course completion?

Yes, you will get a certificate at no additional cost after completing all the course lessons.

How long will I have access to the content?

Your enrollment includes unlimited lifetime access.

I have more questions!

Happy to help! Send me an email: [email protected]

footer-frame

Copyright © 2025 Julio Casal LLC