AspNetCore.Docs/aspnetcore/security/index.md

---
title: Security | Microsoft Docs
author: rick-anderson
description: 
keywords: ASP.NET Core,
ms.author: riande
manager: wpickett
ms.date: 10/14/2016
ms.topic: article
ms.assetid: a8fb7eb7-e0e5-4394-84f3-1f1dbe012345
ms.technology: aspnet
ms.prod: aspnet-core
---
# Security

*   [Authentication](authentication/index.md)
    *   [Introduction to Identity](authentication/identity.md)
    *   [Enabling authentication using Facebook, Google and other external providers](authentication/sociallogins.md)
    *   [Account Confirmation and Password Recovery](authentication/accconfirm.md)
    *   [Two-factor authentication with SMS](authentication/2fa.md)
    *   [🔧 Supporting Third Party Clients using OAuth 2.0](authentication/oauth2.md)
    *   [Using Cookie Middleware without ASP.NET Core Identity](authentication/cookie.md)
    *   [Azure Active Directory](authentication/azure-active-directory/index.md)
        *   [Integrating Azure AD Into an ASP.NET Core Web App](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore)
        *   [Calling a ASP.NET Core Web API From a WPF Application Using Azure AD](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-native-aspnetcore)
        *   [Calling a Web API in an ASP.NET Core Web Application Using Azure AD](https://azure.microsoft.com/en-us/documentation/samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore/)
        *   [An ASP.NET Core web app with Azure AD B2C](https://azure.microsoft.com/en-us/documentation/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore-b2c/)
    *   [Securing ASP.NET Core apps with IdentityServer4](https://identityserver4.readthedocs.io)
*   [Authorization](authorization/index.md)
    *   [Introduction](authorization/introduction.md)
    *   [Simple Authorization](authorization/simple.md)
    *   [Role based Authorization](authorization/roles.md)
    *   [Claims-Based Authorization](authorization/claims.md)
    *   [Custom Policy-Based Authorization](authorization/policies.md)
    *   [Dependency Injection in requirement handlers](authorization/dependencyinjection.md)
    *   [Resource Based Authorization](authorization/resourcebased.md)
    *   [View Based Authorization](authorization/views.md)
    *   [Limiting identity by scheme](authorization/limitingidentitybyscheme.md)
    *   [🔧 Authorization Filters](authorization/authorization-filters.md)
*   [Data Protection](data-protection/index.md)
    *   [Introduction to Data Protection](data-protection/introduction.md)
    *   [Getting Started with the Data Protection APIs](data-protection/using-data-protection.md)
    *   [Consumer APIs](data-protection/consumer-apis/index.md)
        *   [Consumer APIs Overview](data-protection/consumer-apis/overview.md)
        *   [Purpose Strings](data-protection/consumer-apis/purpose-strings.md)
        *   [Purpose hierarchy and multi-tenancy](data-protection/consumer-apis/purpose-strings-multitenancy.md)
        *   [Password Hashing](data-protection/consumer-apis/password-hashing.md)
        *   [Limiting the lifetime of protected payloads](data-protection/consumer-apis/limited-lifetime-payloads.md)
        *   [Unprotecting payloads whose keys have been revoked](data-protection/consumer-apis/dangerous-unprotect.md)
    *   [Configuration](data-protection/configuration/index.md)
        *   [Configuring Data Protection](data-protection/configuration/overview.md)
        *   [Default Settings](data-protection/configuration/default-settings.md)
        *   [Machine Wide Policy](data-protection/configuration/machine-wide-policy.md)
        *   [Non DI Aware Scenarios](data-protection/configuration/non-di-scenarios.md)
    *   [Extensibility APIs](data-protection/extensibility/index.md)
        *   [Core cryptography extensibility](data-protection/extensibility/core-crypto.md)
        *   [Key management extensibility](data-protection/extensibility/key-management.md)
        *   [Miscellaneous APIs](data-protection/extensibility/misc-apis.md)
    *   [Implementation](data-protection/implementation/index.md)
        *   [Authenticated encryption details.](data-protection/implementation/authenticated-encryption-details.md)
        *   [Subkey Derivation and Authenticated Encryption](data-protection/implementation/subkeyderivation.md)
        *   [Context headers](data-protection/implementation/context-headers.md)
        *   [Key Management](data-protection/implementation/key-management.md)
        *   [Key Storage Providers](data-protection/implementation/key-storage-providers.md)
        *   [Key Encryption At Rest](data-protection/implementation/key-encryption-at-rest.md)
        *   [Key Immutability and Changing Settings](data-protection/implementation/key-immutability.md)
        *   [Key Storage Format](data-protection/implementation/key-storage-format.md)
        *   [Ephemeral data protection providers](data-protection/implementation/key-storage-ephemeral.md)
    *   [Compatibility](data-protection/compatibility/index.md)
        *   [Sharing cookies between applications](data-protection/compatibility/cookie-sharing.md)
        *   [Replacing <machineKey> in ASP.NET](data-protection/compatibility/replacing-machinekey.md)
*   [Safe storage of app secrets during development](app-secrets.md)
*   [🔧 Enforcing SSL](enforcing-ssl.md)
*   [🔧 Anti-Request Forgery](anti-request-forgery.md)
*   [🔧 Preventing Open Redirect Attacks](open-redirect.md)
*   [Preventing Cross-Site Scripting](cross-site-scripting.md)
*   [Enabling Cross-Origin Requests (CORS)](cors.md)
Add docfx content 2016-10-29 01:35:15 +08:00			`---`
title + meta on technology 2016-11-17 08:24:57 +08:00			`title: Security \| Microsoft Docs`
Add docfx content 2016-10-29 01:35:15 +08:00			`author: rick-anderson`
keywords and decription meta-data 2016-11-18 04:13:02 +08:00			`description:`
			`keywords: ASP.NET Core,`
Add docfx content 2016-10-29 01:35:15 +08:00			`ms.author: riande`
			`manager: wpickett`
			`ms.date: 10/14/2016`
			`ms.topic: article`
			`ms.assetid: a8fb7eb7-e0e5-4394-84f3-1f1dbe012345`
title + meta on technology 2016-11-17 08:24:57 +08:00			`ms.technology: aspnet`
Add docfx content 2016-10-29 01:35:15 +08:00			`ms.prod: aspnet-core`
			`---`
			`# Security`

			`* [Authentication](authentication/index.md)`
			`* [Introduction to Identity](authentication/identity.md)`
			`* [Enabling authentication using Facebook, Google and other external providers](authentication/sociallogins.md)`
			`* [Account Confirmation and Password Recovery](authentication/accconfirm.md)`
			`* [Two-factor authentication with SMS](authentication/2fa.md)`
			`* [🔧 Supporting Third Party Clients using OAuth 2.0](authentication/oauth2.md)`
			`* [Using Cookie Middleware without ASP.NET Core Identity](authentication/cookie.md)`
			`* [Azure Active Directory](authentication/azure-active-directory/index.md)`
			`* [Integrating Azure AD Into an ASP.NET Core Web App](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore)`
			`* [Calling a ASP.NET Core Web API From a WPF Application Using Azure AD](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-native-aspnetcore)`
			`* [Calling a Web API in an ASP.NET Core Web Application Using Azure AD](https://azure.microsoft.com/en-us/documentation/samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore/)`
			`* [An ASP.NET Core web app with Azure AD B2C](https://azure.microsoft.com/en-us/documentation/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore-b2c/)`
			`* [Securing ASP.NET Core apps with IdentityServer4](https://identityserver4.readthedocs.io)`
			`* [Authorization](authorization/index.md)`
			`* [Introduction](authorization/introduction.md)`
			`* [Simple Authorization](authorization/simple.md)`
			`* [Role based Authorization](authorization/roles.md)`
			`* [Claims-Based Authorization](authorization/claims.md)`
			`* [Custom Policy-Based Authorization](authorization/policies.md)`
			`* [Dependency Injection in requirement handlers](authorization/dependencyinjection.md)`
			`* [Resource Based Authorization](authorization/resourcebased.md)`
			`* [View Based Authorization](authorization/views.md)`
			`* [Limiting identity by scheme](authorization/limitingidentitybyscheme.md)`
			`* [🔧 Authorization Filters](authorization/authorization-filters.md)`
			`* [Data Protection](data-protection/index.md)`
			`* [Introduction to Data Protection](data-protection/introduction.md)`
			`* [Getting Started with the Data Protection APIs](data-protection/using-data-protection.md)`
			`* [Consumer APIs](data-protection/consumer-apis/index.md)`
			`* [Consumer APIs Overview](data-protection/consumer-apis/overview.md)`
			`* [Purpose Strings](data-protection/consumer-apis/purpose-strings.md)`
			`* [Purpose hierarchy and multi-tenancy](data-protection/consumer-apis/purpose-strings-multitenancy.md)`
			`* [Password Hashing](data-protection/consumer-apis/password-hashing.md)`
			`* [Limiting the lifetime of protected payloads](data-protection/consumer-apis/limited-lifetime-payloads.md)`
			`* [Unprotecting payloads whose keys have been revoked](data-protection/consumer-apis/dangerous-unprotect.md)`
			`* [Configuration](data-protection/configuration/index.md)`
			`* [Configuring Data Protection](data-protection/configuration/overview.md)`
			`* [Default Settings](data-protection/configuration/default-settings.md)`
			`* [Machine Wide Policy](data-protection/configuration/machine-wide-policy.md)`
			`* [Non DI Aware Scenarios](data-protection/configuration/non-di-scenarios.md)`
			`* [Extensibility APIs](data-protection/extensibility/index.md)`
			`* [Core cryptography extensibility](data-protection/extensibility/core-crypto.md)`
			`* [Key management extensibility](data-protection/extensibility/key-management.md)`
			`* [Miscellaneous APIs](data-protection/extensibility/misc-apis.md)`
			`* [Implementation](data-protection/implementation/index.md)`
			`* [Authenticated encryption details.](data-protection/implementation/authenticated-encryption-details.md)`
			`* [Subkey Derivation and Authenticated Encryption](data-protection/implementation/subkeyderivation.md)`
			`* [Context headers](data-protection/implementation/context-headers.md)`
			`* [Key Management](data-protection/implementation/key-management.md)`
			`* [Key Storage Providers](data-protection/implementation/key-storage-providers.md)`
			`* [Key Encryption At Rest](data-protection/implementation/key-encryption-at-rest.md)`
			`* [Key Immutability and Changing Settings](data-protection/implementation/key-immutability.md)`
			`* [Key Storage Format](data-protection/implementation/key-storage-format.md)`
			`* [Ephemeral data protection providers](data-protection/implementation/key-storage-ephemeral.md)`
			`* [Compatibility](data-protection/compatibility/index.md)`
			`* [Sharing cookies between applications](data-protection/compatibility/cookie-sharing.md)`
			`* [Replacing <machineKey> in ASP.NET](data-protection/compatibility/replacing-machinekey.md)`
			`* [Safe storage of app secrets during development](app-secrets.md)`
			`* [🔧 Enforcing SSL](enforcing-ssl.md)`
			`* [🔧 Anti-Request Forgery](anti-request-forgery.md)`
			`* [🔧 Preventing Open Redirect Attacks](open-redirect.md)`
			`* [Preventing Cross-Site Scripting](cross-site-scripting.md)`
			`* [Enabling Cross-Origin Requests (CORS)](cors.md)`