Monday 

Room 3 

15:00 - 16:00 

(UTC+01

Talk (60 min)

Getting Authorization Right in .NET: Patterns, Pitfalls, and Practical Guidance

Authentication gets the spotlight, but authorization is where real access control happens—and getting it right is critical for secure and maintainable applications.

.NET
Architecture
Security

This session dives deep into modern authorization patterns in .NET, helping you move beyond if(user.IsInRole()) to scalable, flexible, and secure designs using fine-grained authorization patterns.

The session will cover:
- The built-in authorization model in ASP.NET Core, including policies, roles, and claims
- Attribute-based vs. resource-based authorization
- Custom policy and handler development
- Managing fine-grained permissions across microservices and APIs
- Externalizing authorization decisions using centralized authorization systems
- Best practices for combining authentication (OIDC / OAuth2) with robust authorization logic
- Common pitfalls—like hardcoding roles or overloading claims—and how to avoid them

This session will equip you with the patterns and practices to build secure, testable, and future-proof authorization in .NET.


Michele Leroux Bustamante

Michele Leroux Bustamante is President and co-founder at Solliance (solliance.net), co-founder of PolicyServer (a Solliance product), a Cloud / Microservices and Security architect, and a Microsoft Regional Director since 2003. Michele is recognized in many fields including software architecture and design, identity and access management, cloud and microservices architectures, security and compliance, and DevOps. During the past 25 years, Michele has held senior executive positions at several organizations, assembled and led high-performing teams, and driven delivery and customer success at scale. Michele provides technical and business leadership at Solliance and shares learnings through workshops, presentations and keynotes. Michele has been published regularly during her entire career, including the best-selling book "Learning WCF" (O'Reilly 2007) and "Developing Microsoft Azure Solutions" 2nd Ed. (MS Press 2017). @michelebusta