Security and Identity - Overview

In this article

ASP.NET Core enables developers to configure and manage security. The following list provides links to security topics:

• Authentication

• Authorization

• Data protection

• HTTPS enforcement

• Safe storage of app secrets in development

• XSRF/CSRF prevention

• Cross Origin Resource Sharing (CORS)

• Cross-Site Scripting (XSS) attacks

These security features allow you to build robust and secure ASP.NET Core apps.

This node contains security guidance for ASP.NET Core Blazor.

ASP.NET Core security features

ASP.NET Core is an open-source framework for building web apps.

Authentication vs. Authorization

authenticate is a process in which a user provides credentials that are then compared to those stored in an operating system, database, app or resource.

authentication and authorization are two very different concepts.

Common Vulnerabilities in software

Microsoft has released two new versions of its ASP.NET software.

• Cross-Site Scripting (XSS) attacks

• SQL injection attacks

• Cross-Site Request Forgery (XSRF/CSRF) attacks

• Open redirect attacks

There are more vulnerabilities that you should be aware of. For more information, see the other articles in the Security and Identity section of the table of contents.

Additional resources

• Introduction to Identity on ASP.NET Core

• Enable QR code generation for TOTP authenticator apps in ASP.NET Core

• Facebook and Google authentication in ASP.NET Core

• Identity management solutions for .NET web apps

Ref: ASP.NET Core security topics