AspNetCore.Docs/aspnetcore/security/index.md

---
title: Overview of ASP.NET Core Security
author: rachelappel
description: Learn about authentication, authorization, and security basics in ASP.NET Core.
manager: wpickett
ms.author: rachelap
ms.date: 11/01/2017
ms.prod: asp.net-core
ms.technology: aspnet
ms.topic: article
uid: security/index
---
# ASP.NET Core Security Overview

ASP.NET Core enables developers to easily configure and manage security for their apps. ASP.NET Core contains features for managing authentication, authorization, data protection, SSL enforcement, app secrets, anti-request forgery protection, and CORS management. These security features allow you to build robust yet secure ASP.NET Core apps.

## ASP.NET Core security features

ASP.NET Core provides many tools and libraries to secure your apps including built-in Identity providers but you can use 3rd party identity services such as Facebook, Twitter, or LinkedIn. With ASP.NET Core, you can easily manage app secrets, which are a way to store and use confidential information without having to expose it in the code.

## Authentication vs. Authorization

Authentication is a process in which a user provides credentials that are then compared to those stored in an operating system, database, app or resource. If they match, users authenticate successfully, and can then perform actions that they're authorized for, during an authorization process. The authorization refers to the process that determines what a user is allowed to do.

Another way to think of authentication is to consider it as a way to enter a space, such as a server, database, app or resource, while authorization is which actions the user can perform to which objects inside that space (server, database, or app).

## Common Vulnerabilities in software

ASP.NET Core and EF contain features that help you secure your apps and prevent security breaches. The following list of links takes you to documentation detailing techniques to avoid the most common security vulnerabilities in web apps:

* [Cross-site scripting attacks](https://docs.microsoft.com/aspnet/core/security/cross-site-scripting)
* [SQL injection attacks](https://docs.microsoft.com/ef/core/querying/raw-sql)
* [Cross-Site Request Forgery (CSRF)](https://docs.microsoft.com/aspnet/core/security/anti-request-forgery)
* [Open redirect attacks](https://docs.microsoft.com/aspnet/core/security/preventing-open-redirects)

There are more vulnerabilities that you should be aware of. For more information, see the section in this document on *ASP.NET Security Documentation*.

## ASP.NET Security Documentation

*   [Authentication](authentication/index.md)
    *   [Introduction to Identity](authentication/identity.md)
    *   [Enable authentication using Facebook, Google, and other external providers](authentication/social/index.md)
    *   [Enable authentication with WS-Federation](authentication/ws-federation.md)
    * [Configure Windows Authentication](authentication/windowsauth.md)
    *   [Account confirmation and password recovery](authentication/accconfirm.md)
    *   [Two-factor authentication with SMS](authentication/2fa.md)
    *   [Use cookie authentication without Identity](authentication/cookie.md)
    *   [Azure Active Directory](authentication/azure-active-directory/index.md)
        *   [Integrate Azure AD into an ASP.NET Core web app](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/)
        *   [Call an ASP.NET Core Web API from a WPF app using Azure AD](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-native-aspnetcore/)
        *   [Call a Web API in an ASP.NET Core web app using Azure AD](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore/)
        *   [An ASP.NET Core web app with Azure AD B2C](https://azure.microsoft.com/resources/samples/active-directory-b2c-dotnetcore-webapp/)
    *   [Secure ASP.NET Core apps with IdentityServer4](https://identityserver4.readthedocs.io)
*   [Authorization](authorization/index.md)
    *   [Introduction](authorization/introduction.md)
    *   [Create an app with user data protected by authorization](xref:security/authorization/secure-data)
    *   [Simple authorization](authorization/simple.md)
    *   [Role-based authorization](authorization/roles.md)
    *   [Claims-based authorization](authorization/claims.md)
    *   [Policy-based authorization](authorization/policies.md)
    *   [Dependency injection in requirement handlers](authorization/dependencyinjection.md)
    *   [Resource-based authorization](authorization/resourcebased.md)
    *   [View-based authorization](authorization/views.md)
    *   [Limit identity by scheme](authorization/limitingidentitybyscheme.md)
*   [Data protection](data-protection/index.md)
    *   [Introduction to data protection](data-protection/introduction.md)
    *   [Get started with the Data Protection APIs](data-protection/using-data-protection.md)
    *   [Consumer APIs](data-protection/consumer-apis/index.md)
        *   [Consumer APIs Overview](data-protection/consumer-apis/overview.md)
        *   [Purpose strings](data-protection/consumer-apis/purpose-strings.md)
        *   [Purpose hierarchy and multi-tenancy](data-protection/consumer-apis/purpose-strings-multitenancy.md)
        *   [Password hashing](data-protection/consumer-apis/password-hashing.md)
        *   [Limit the lifetime of protected payloads](data-protection/consumer-apis/limited-lifetime-payloads.md)
        *   [Unprotect payloads whose keys have been revoked](data-protection/consumer-apis/dangerous-unprotect.md)
    *   [Configuration](data-protection/configuration/index.md)
        *   [Configure data protection](data-protection/configuration/overview.md)
        *   [Default settings](data-protection/configuration/default-settings.md)
        *   [Machine-wide policy](data-protection/configuration/machine-wide-policy.md)
        *   [Non DI-aware scenarios](data-protection/configuration/non-di-scenarios.md)
    *   [Extensibility APIs](data-protection/extensibility/index.md)
        *   [Core cryptography extensibility](data-protection/extensibility/core-crypto.md)
        *   [Key management extensibility](data-protection/extensibility/key-management.md)
        *   [Miscellaneous APIs](data-protection/extensibility/misc-apis.md)
    *   [Implementation](data-protection/implementation/index.md)
        *   [Authenticated encryption details](data-protection/implementation/authenticated-encryption-details.md)
        *   [Subkey derivation and authenticated encryption](data-protection/implementation/subkeyderivation.md)
        *   [Context headers](data-protection/implementation/context-headers.md)
        *   [Key management](data-protection/implementation/key-management.md)
        *   [Key storage providers](data-protection/implementation/key-storage-providers.md)
        *   [Key encryption at rest](data-protection/implementation/key-encryption-at-rest.md)
        *   [Key immutability and changing settings](data-protection/implementation/key-immutability.md)
        *   [Key storage format](data-protection/implementation/key-storage-format.md)
        *   [Ephemeral data protection providers](data-protection/implementation/key-storage-ephemeral.md)
    *   [Compatibility](data-protection/compatibility/index.md)
        *   [Share cookies among apps](data-protection/compatibility/cookie-sharing.md)
        *   [Replace <machineKey> in ASP.NET](data-protection/compatibility/replacing-machinekey.md)
*   [Create an app with user data protected by authorization](xref:security/authorization/secure-data)
*   [Safe storage of app secrets during development](app-secrets.md)
*   [Azure Key Vault configuration provider](key-vault-configuration.md)
*   [Enforce SSL](enforcing-ssl.md)
*   [Anti-Request Forgery](anti-request-forgery.md)
*   [Prevent open redirect attacks](preventing-open-redirects.md)
*   [Prevent Cross-Site Scripting](cross-site-scripting.md)
*   [Enable Cross-Origin Requests (CORS)](cors.md)
Add docfx content 2016-10-29 01:35:15 +08:00			`---`
Organize metadata (#5296) Updates 2018-01-29 23:21:31 +08:00			`title: Overview of ASP.NET Core Security`
initial commit security landing page (#4700) 2017-11-16 03:24:53 +08:00			`author: rachelappel`
Organize metadata (#5296) Updates 2018-01-29 23:21:31 +08:00			`description: Learn about authentication, authorization, and security basics in ASP.NET Core.`
Add docfx content 2016-10-29 01:35:15 +08:00			`manager: wpickett`
Organize metadata (#5296) Updates 2018-01-29 23:21:31 +08:00			`ms.author: rachelap`
initial commit security landing page (#4700) 2017-11-16 03:24:53 +08:00			`ms.date: 11/01/2017`
Bulk metadata fix (#2871) * meta data fix * Revert "meta data fix" This reverts commit ba3688347667594a0967b08196cbb5308500a217. * meta data fix2 * test * Update owin-oauth-20-authorization-server.md * Update api-ref.md * Update api-ref.md * test * test2 2017-03-03 08:50:36 +08:00			`ms.prod: asp.net-core`
Organize metadata (#5296) Updates 2018-01-29 23:21:31 +08:00			`ms.technology: aspnet`
			`ms.topic: article`
move sub tocs to main toc (#4029) 2017-08-19 02:51:38 +08:00			`uid: security/index`
Add docfx content 2016-10-29 01:35:15 +08:00			`---`
initial commit security landing page (#4700) 2017-11-16 03:24:53 +08:00			`# ASP.NET Core Security Overview`

Tutorial for WS-Federation middleware (#5532) * Add WS-Federation middleware doc * Link to WS-Fed doc in sidebar * Link to WS-Fed doc in toc * UE edits * Remove file extension from xref link * Link to AAD docs * Update ws-federation.md * Add section for AAD * Minor tweaks 2018-02-28 03:45:04 +08:00			`ASP.NET Core enables developers to easily configure and manage security for their apps. ASP.NET Core contains features for managing authentication, authorization, data protection, SSL enforcement, app secrets, anti-request forgery protection, and CORS management. These security features allow you to build robust yet secure ASP.NET Core apps.`
initial commit security landing page (#4700) 2017-11-16 03:24:53 +08:00
			`## ASP.NET Core security features`

Tutorial for WS-Federation middleware (#5532) * Add WS-Federation middleware doc * Link to WS-Fed doc in sidebar * Link to WS-Fed doc in toc * UE edits * Remove file extension from xref link * Link to AAD docs * Update ws-federation.md * Add section for AAD * Minor tweaks 2018-02-28 03:45:04 +08:00			`ASP.NET Core provides many tools and libraries to secure your apps including built-in Identity providers but you can use 3rd party identity services such as Facebook, Twitter, or LinkedIn. With ASP.NET Core, you can easily manage app secrets, which are a way to store and use confidential information without having to expose it in the code.`
initial commit security landing page (#4700) 2017-11-16 03:24:53 +08:00
			`## Authentication vs. Authorization`

Tutorial for WS-Federation middleware (#5532) * Add WS-Federation middleware doc * Link to WS-Fed doc in sidebar * Link to WS-Fed doc in toc * UE edits * Remove file extension from xref link * Link to AAD docs * Update ws-federation.md * Add section for AAD * Minor tweaks 2018-02-28 03:45:04 +08:00			`Authentication is a process in which a user provides credentials that are then compared to those stored in an operating system, database, app or resource. If they match, users authenticate successfully, and can then perform actions that they're authorized for, during an authorization process. The authorization refers to the process that determines what a user is allowed to do.`
initial commit security landing page (#4700) 2017-11-16 03:24:53 +08:00
			`Another way to think of authentication is to consider it as a way to enter a space, such as a server, database, app or resource, while authorization is which actions the user can perform to which objects inside that space (server, database, or app).`

			`## Common Vulnerabilities in software`

			`ASP.NET Core and EF contain features that help you secure your apps and prevent security breaches. The following list of links takes you to documentation detailing techniques to avoid the most common security vulnerabilities in web apps:`

Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Cross-site scripting attacks](https://docs.microsoft.com/aspnet/core/security/cross-site-scripting)`
			`* [SQL injection attacks](https://docs.microsoft.com/ef/core/querying/raw-sql)`
initial commit security landing page (#4700) 2017-11-16 03:24:53 +08:00			`* [Cross-Site Request Forgery (CSRF)](https://docs.microsoft.com/aspnet/core/security/anti-request-forgery)`
			`* [Open redirect attacks](https://docs.microsoft.com/aspnet/core/security/preventing-open-redirects)`

Tutorial for WS-Federation middleware (#5532) * Add WS-Federation middleware doc * Link to WS-Fed doc in sidebar * Link to WS-Fed doc in toc * UE edits * Remove file extension from xref link * Link to AAD docs * Update ws-federation.md * Add section for AAD * Minor tweaks 2018-02-28 03:45:04 +08:00			`There are more vulnerabilities that you should be aware of. For more information, see the section in this document on ASP.NET Security Documentation.`
initial commit security landing page (#4700) 2017-11-16 03:24:53 +08:00
			`## ASP.NET Security Documentation`
Add docfx content 2016-10-29 01:35:15 +08:00
			`* [Authentication](authentication/index.md)`
			`* [Introduction to Identity](authentication/identity.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Enable authentication using Facebook, Google, and other external providers](authentication/social/index.md)`
Tutorial for WS-Federation middleware (#5532) * Add WS-Federation middleware doc * Link to WS-Fed doc in sidebar * Link to WS-Fed doc in toc * UE edits * Remove file extension from xref link * Link to AAD docs * Update ws-federation.md * Add section for AAD * Minor tweaks 2018-02-28 03:45:04 +08:00			`* [Enable authentication with WS-Federation](authentication/ws-federation.md)`
Configuring Windows Auth (#3622) * Initial draft of article * Adding TOC entries * Fix TOC link * Adding sample and figures. * Ready for PR * Fixing file reference error; replacing with code listing * Update windowsauth.md (#3628) * Removing sample * responding to feedback * Update windowsauth.md (#3630) * Update windowsauth.md * Update windowsauth.md * Update windowsauth.md * Update windowsauth.md * Responding to feedback and fixing links. * Update windowsauth.md * Added black border 2017-07-06 23:52:56 +08:00			`* [Configure Windows Authentication](authentication/windowsauth.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Account confirmation and password recovery](authentication/accconfirm.md)`
Tutorial for WS-Federation middleware (#5532) * Add WS-Federation middleware doc * Link to WS-Fed doc in sidebar * Link to WS-Fed doc in toc * UE edits * Remove file extension from xref link * Link to AAD docs * Update ws-federation.md * Add section for AAD * Minor tweaks 2018-02-28 03:45:04 +08:00			`* [Two-factor authentication with SMS](authentication/2fa.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Use cookie authentication without Identity](authentication/cookie.md)`
Add docfx content 2016-10-29 01:35:15 +08:00			`* [Azure Active Directory](authentication/azure-active-directory/index.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Integrate Azure AD into an ASP.NET Core web app](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/)`
			`* [Call an ASP.NET Core Web API from a WPF app using Azure AD](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-native-aspnetcore/)`
			`* [Call a Web API in an ASP.NET Core web app using Azure AD](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore/)`
Fixed broken link (#4244) * Fixed broken link Fixed a broken Azure AD B2C sample link. * Removed localization segment from link 2017-09-11 22:40:25 +08:00			`* [An ASP.NET Core web app with Azure AD B2C](https://azure.microsoft.com/resources/samples/active-directory-b2c-dotnetcore-webapp/)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Secure ASP.NET Core apps with IdentityServer4](https://identityserver4.readthedocs.io)`
Add docfx content 2016-10-29 01:35:15 +08:00			`* [Authorization](authorization/index.md)`
			`* [Introduction](authorization/introduction.md)`
Secure user data (#3336) * Secure user data * removed dead code * Revert "removed dead code" This reverts commit 3311e8e4d4ad0512024ff3370ddf07935c1e7e22. * move snippets to final15 * work * fix * work * work * work * work * work * work * work * work * work * CRUD check * work * rename * work * formatting * tdykstra feedback * work * tom feedback * work * work * joe feedback * work * download * fix * download link * download link 2017-05-31 04:11:31 +08:00			`* [Create an app with user data protected by authorization](xref:security/authorization/secure-data)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Simple authorization](authorization/simple.md)`
			`* [Role-based authorization](authorization/roles.md)`
			`* [Claims-based authorization](authorization/claims.md)`
			`* [Policy-based authorization](authorization/policies.md)`
			`* [Dependency injection in requirement handlers](authorization/dependencyinjection.md)`
Overhaul of resource-based auth doc (#4715) * Updates to resource based auth doc * More edits * More edits * Tag with mvc metadata * Verbiage tweaks * More edits * More MVC edits * More edits * Initial commit of sample app * Replace inline code with code imports * Add download link to sample app * Correct the requirement class name * Adjust line number * Verbiage tweak * More edits * Add 1.x sample * Update sample apps folder name in link * Minor edits * More edits * Fix metadata warnings * Code cleanup * Update description metadata * Update property name in csproj file * Update old namespaces in ASP.NET Core 2.x app * Update .NET Fx target framework TODO comments * Prevent action code from scrolling * Add Razor Pages sample * Fix line numbers for highlighting * Return ForbidResult when appropriate in 2.0 app * Add authentication assumption notes * Update metadata * React to Rick's feedback * Add 1.x handler snippets 2017-11-09 05:47:59 +08:00			`* [Resource-based authorization](authorization/resourcebased.md)`
Address customer verbatim in View-based auth doc (#4638) * Address customer verbatim in View-based auth doc * Minor edit * Update TOC link titles 2017-10-27 13:09:55 +08:00			`* [View-based authorization](authorization/views.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Limit identity by scheme](authorization/limitingidentitybyscheme.md)`
			`* [Data protection](data-protection/index.md)`
			`* [Introduction to data protection](data-protection/introduction.md)`
			`* [Get started with the Data Protection APIs](data-protection/using-data-protection.md)`
Add docfx content 2016-10-29 01:35:15 +08:00			`* [Consumer APIs](data-protection/consumer-apis/index.md)`
			`* [Consumer APIs Overview](data-protection/consumer-apis/overview.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Purpose strings](data-protection/consumer-apis/purpose-strings.md)`
Add docfx content 2016-10-29 01:35:15 +08:00			`* [Purpose hierarchy and multi-tenancy](data-protection/consumer-apis/purpose-strings-multitenancy.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Password hashing](data-protection/consumer-apis/password-hashing.md)`
			`* [Limit the lifetime of protected payloads](data-protection/consumer-apis/limited-lifetime-payloads.md)`
			`* [Unprotect payloads whose keys have been revoked](data-protection/consumer-apis/dangerous-unprotect.md)`
Add docfx content 2016-10-29 01:35:15 +08:00			`* [Configuration](data-protection/configuration/index.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Configure data protection](data-protection/configuration/overview.md)`
			`* [Default settings](data-protection/configuration/default-settings.md)`
			`* [Machine-wide policy](data-protection/configuration/machine-wide-policy.md)`
			`* [Non DI-aware scenarios](data-protection/configuration/non-di-scenarios.md)`
Add docfx content 2016-10-29 01:35:15 +08:00			`* [Extensibility APIs](data-protection/extensibility/index.md)`
			`* [Core cryptography extensibility](data-protection/extensibility/core-crypto.md)`
			`* [Key management extensibility](data-protection/extensibility/key-management.md)`
			`* [Miscellaneous APIs](data-protection/extensibility/misc-apis.md)`
			`* [Implementation](data-protection/implementation/index.md)`
Remove period from TOC link title (#4703) 2017-11-02 03:22:05 +08:00			`* [Authenticated encryption details](data-protection/implementation/authenticated-encryption-details.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Subkey derivation and authenticated encryption](data-protection/implementation/subkeyderivation.md)`
Add docfx content 2016-10-29 01:35:15 +08:00			`* [Context headers](data-protection/implementation/context-headers.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Key management](data-protection/implementation/key-management.md)`
			`* [Key storage providers](data-protection/implementation/key-storage-providers.md)`
			`* [Key encryption at rest](data-protection/implementation/key-encryption-at-rest.md)`
			`* [Key immutability and changing settings](data-protection/implementation/key-immutability.md)`
			`* [Key storage format](data-protection/implementation/key-storage-format.md)`
Add docfx content 2016-10-29 01:35:15 +08:00			`* [Ephemeral data protection providers](data-protection/implementation/key-storage-ephemeral.md)`
			`* [Compatibility](data-protection/compatibility/index.md)`
Cookie sharing topic update (#4981) 2018-01-23 04:14:05 +08:00			`* [Share cookies among apps](data-protection/compatibility/cookie-sharing.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Replace <machineKey> in ASP.NET](data-protection/compatibility/replacing-machinekey.md)`
Secure user data (#3336) * Secure user data * removed dead code * Revert "removed dead code" This reverts commit 3311e8e4d4ad0512024ff3370ddf07935c1e7e22. * move snippets to final15 * work * fix * work * work * work * work * work * work * work * work * work * CRUD check * work * rename * work * formatting * tdykstra feedback * work * tom feedback * work * work * joe feedback * work * download * fix * download link * download link 2017-05-31 04:11:31 +08:00			`* [Create an app with user data protected by authorization](xref:security/authorization/secure-data)`
Add docfx content 2016-10-29 01:35:15 +08:00			`* [Safe storage of app secrets during development](app-secrets.md)`
Key Vault Configuration Provider doc (#2531) * Update configuration.md * Create key-vault-configuration.md * Create appsettings.json * Add files via upload * Update README.md * Update KeyVaultConfigProviderSample.csproj * Create sample-output.png * Add files via upload * Update key-vault-configuration.md * Update Startup.cs * Add files via upload * Add files via upload * Add files via upload * Update Startup.cs * Update appsettings.json * Update Startup.cs * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Add files via upload * Add files via upload * Add files via upload * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update appsettings.json * React to feedback * React to feedback * Update index.md * Update toc.md * Update configuration.md * React to feedback - "When to use" section * Add a phrase to KeyVaultClient bit * Update key-vault-configuration.md * React to feedback * Minor update to ms.date * New implementation and local secret storage * Update KeyVaultConfigProviderSample.csproj * Update Program.cs * Minor phrasing adjustments * Update KeyVaultConfigProviderSample.csproj * Minor phrasing update * Add files via upload * Remove en-us from links * Update web.config * Delete License.txt * Update Markup.cs * Update Program.cs * Update Startup.cs * Update ms.date * Note .NET Core target 1.1.0+ * Update KeyVaultConfigProviderSample.csproj * Update KeyVaultConfigProviderSample.csproj * Remove compiler\resources line It isn't necessary, and it isn't in the templates. * Update KeyVaultConfigProviderSample.csproj * Create launchSettings.json * Update KeyVaultConfigProviderSample.csproj * Update Startup.cs * Update KeyVaultConfigProviderSample.csproj * Update KeyVaultConfigProviderSample.csproj * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Update key-vault-configuration.md * Minor updates * Minor update * Update the doc ms.date * Minor update 2017-02-14 04:03:08 +08:00			`* [Azure Key Vault configuration provider](key-vault-configuration.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Enforce SSL](enforcing-ssl.md)`
Fixing link Removing wrench icons 2017-03-27 22:44:25 +08:00			`* [Anti-Request Forgery](anti-request-forgery.md)`
Address TOC inconsistencies (#5154) * Address TOC inconsistencies * Fix broken links * Fix security-related TOCs * Add missing link to Authorization page 2018-01-11 03:58:43 +08:00			`* [Prevent open redirect attacks](preventing-open-redirects.md)`
			`* [Prevent Cross-Site Scripting](cross-site-scripting.md)`
			`* [Enable Cross-Origin Requests (CORS)](cors.md)`