Skip to content

Security

The senior bar on security is high — not just "use OAuth," but knowing the dozen ways JWT validation goes wrong, the OIDC flow taxonomy, what Data Protection actually does, and how to map OWASP Top 10 to real ASP.NET Core code.

Topics (canonical order)

Why this order

AuthN basics → JWT depth (its own file because it's the #1 failure surface) → OAuth/OIDC (the protocol) → IdP comparison (the implementation) → AuthZ (the consequence) → Data Protection (the foundation) → OWASP map (the audit) → secrets (the storage) → antiforgery+CORS (the browser side). Each step depends on the previous.

Cross-references