Monday
Room 3
15:00 - 16:00
(UTC+01)
Talk (60 min)
Getting Authorization Right in .NET: Patterns, Pitfalls, and Practical Guidance
Authentication gets the spotlight, but authorization is where real access control happens—and getting it right is critical for secure and maintainable applications.
This session dives deep into modern authorization patterns in .NET, helping you move beyond scattered if(user.IsInRole()) checks to scalable, flexible, and secure fine-grained authorization designs.
The session will cover:
- The built-in authorization model in ASP.NET Core, including policies, roles, and claims
- Attribute-based vs. resource-based authorization
- Custom policy and handler development
- Managing fine-grained permissions across microservices and APIs
- Externalizing authorization decisions using centralized authorization systems
- Best practices for combining authentication (OIDC / OAuth2) with robust authorization logic
- Common pitfalls—like hardcoding roles or overloading claims—and how to avoid them
This session will equip you with the patterns and practices to build secure, testable, and future-proof authorization in .NET.