AspNetCore.Docs/aspnetcore/security/index.md

title	author	ms.author	manager	ms.date	ms.topic	ms.assetid	ms.prod
Security	rick-anderson	riande	wpickett	10/14/2016	article	a8fb7eb7-e0e5-4394-84f3-1f1dbe012345	aspnet-core

Security

• Authentication
  • Introduction to Identity
  • Enabling authentication using Facebook, Google and other external providers
  • Account Confirmation and Password Recovery
  • Two-factor authentication with SMS
  • 🔧 Supporting Third Party Clients using OAuth 2.0
  • Using Cookie Middleware without ASP.NET Core Identity
  • Azure Active Directory
    • Integrating Azure AD Into an ASP.NET Core Web App
    • Calling a ASP.NET Core Web API From a WPF Application Using Azure AD
    • Calling a Web API in an ASP.NET Core Web Application Using Azure AD
    • An ASP.NET Core web app with Azure AD B2C
  • Securing ASP.NET Core apps with IdentityServer4
• Authorization
  • Introduction
  • Simple Authorization
  • Role based Authorization
  • Claims-Based Authorization
  • Custom Policy-Based Authorization
  • Dependency Injection in requirement handlers
  • Resource Based Authorization
  • View Based Authorization
  • Limiting identity by scheme
  • 🔧 Authorization Filters
• Data Protection
  • Introduction to Data Protection
  • Getting Started with the Data Protection APIs
  • Consumer APIs
    • Consumer APIs Overview
    • Purpose Strings
    • Purpose hierarchy and multi-tenancy
    • Password Hashing
    • Limiting the lifetime of protected payloads
    • Unprotecting payloads whose keys have been revoked
  • Configuration
    • Configuring Data Protection
    • Default Settings
    • Machine Wide Policy
    • Non DI Aware Scenarios
  • Extensibility APIs
    • Core cryptography extensibility
    • Key management extensibility
    • Miscellaneous APIs
  • Implementation
    • Authenticated encryption details.
    • Subkey Derivation and Authenticated Encryption
    • Context headers
    • Key Management
    • Key Storage Providers
    • Key Encryption At Rest
    • Key Immutability and Changing Settings
    • Key Storage Format
    • Ephemeral data protection providers
  • Compatibility
    • Sharing cookies between applications
    • Replacing in ASP.NET
• Safe storage of app secrets during development
• 🔧 Enforcing SSL
• 🔧 Anti-Request Forgery
• 🔧 Preventing Open Redirect Attacks
• Preventing Cross-Site Scripting
• Enabling Cross-Origin Requests (CORS)