AspNetCore.Docs/aspnetcore/security/index.md

---
title: Security
author: rick-anderson
description: 
keywords: ASP.NET Core,
ms.author: riande
manager: wpickett
ms.date: 10/14/2016
ms.topic: article
ms.assetid: a8fb7eb7-e0e5-4394-84f3-1f1dbe012345
ms.technology: aspnet
ms.prod: asp.net-core
uid: security/index
---
# Security

*   [Authentication](authentication/index.md)
    *   [Introduction to Identity](authentication/identity.md)
    *   [Enabling authentication using Facebook, Google and other external providers](authentication/social/index.md)
    * [Configure Windows Authentication](authentication/windowsauth.md)
    *   [Account Confirmation and Password Recovery](authentication/accconfirm.md)
    *   [Two-factor authentication with SMS](authentication/2fa.md) 
    *   [Using Cookie Authentication without ASP.NET Core Identity](authentication/cookie.md)
    *   [Azure Active Directory](authentication/azure-active-directory/index.md)
        *   [Integrating Azure AD Into an ASP.NET Core Web App](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore)
        *   [Calling a ASP.NET Core Web API From a WPF Application Using Azure AD](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-native-aspnetcore)
        *   [Calling a Web API in an ASP.NET Core Web Application Using Azure AD](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore/)
        *   [An ASP.NET Core web app with Azure AD B2C](https://azure.microsoft.com/documentation/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore-b2c/)
    *   [Securing ASP.NET Core apps with IdentityServer4](https://identityserver4.readthedocs.io)
*   [Authorization](authorization/index.md)
    *   [Introduction](authorization/introduction.md)
    *   [Create an app with user data protected by authorization](xref:security/authorization/secure-data)
    *   [Simple Authorization](authorization/simple.md)
    *   [Role based Authorization](authorization/roles.md)
    *   [Claims-Based Authorization](authorization/claims.md)
    *   [Custom Policy-Based Authorization](authorization/policies.md)
    *   [Dependency Injection in requirement handlers](authorization/dependencyinjection.md)
    *   [Resource Based Authorization](authorization/resourcebased.md)
    *   [View Based Authorization](authorization/views.md)
    *   [Limiting identity by scheme](authorization/limitingidentitybyscheme.md)
*   [Data Protection](data-protection/index.md)
    *   [Introduction to Data Protection](data-protection/introduction.md)
    *   [Getting Started with the Data Protection APIs](data-protection/using-data-protection.md)
    *   [Consumer APIs](data-protection/consumer-apis/index.md)
        *   [Consumer APIs Overview](data-protection/consumer-apis/overview.md)
        *   [Purpose Strings](data-protection/consumer-apis/purpose-strings.md)
        *   [Purpose hierarchy and multi-tenancy](data-protection/consumer-apis/purpose-strings-multitenancy.md)
        *   [Password Hashing](data-protection/consumer-apis/password-hashing.md)
        *   [Limiting the lifetime of protected payloads](data-protection/consumer-apis/limited-lifetime-payloads.md)
        *   [Unprotecting payloads whose keys have been revoked](data-protection/consumer-apis/dangerous-unprotect.md)
    *   [Configuration](data-protection/configuration/index.md)
        *   [Configuring Data Protection](data-protection/configuration/overview.md)
        *   [Default Settings](data-protection/configuration/default-settings.md)
        *   [Machine Wide Policy](data-protection/configuration/machine-wide-policy.md)
        *   [Non DI Aware Scenarios](data-protection/configuration/non-di-scenarios.md)
    *   [Extensibility APIs](data-protection/extensibility/index.md)
        *   [Core cryptography extensibility](data-protection/extensibility/core-crypto.md)
        *   [Key management extensibility](data-protection/extensibility/key-management.md)
        *   [Miscellaneous APIs](data-protection/extensibility/misc-apis.md)
    *   [Implementation](data-protection/implementation/index.md)
        *   [Authenticated encryption details.](data-protection/implementation/authenticated-encryption-details.md)
        *   [Subkey Derivation and Authenticated Encryption](data-protection/implementation/subkeyderivation.md)
        *   [Context headers](data-protection/implementation/context-headers.md)
        *   [Key Management](data-protection/implementation/key-management.md)
        *   [Key Storage Providers](data-protection/implementation/key-storage-providers.md)
        *   [Key Encryption At Rest](data-protection/implementation/key-encryption-at-rest.md)
        *   [Key Immutability and Changing Settings](data-protection/implementation/key-immutability.md)
        *   [Key Storage Format](data-protection/implementation/key-storage-format.md)
        *   [Ephemeral data protection providers](data-protection/implementation/key-storage-ephemeral.md)
    *   [Compatibility](data-protection/compatibility/index.md)
        *   [Sharing cookies between applications](data-protection/compatibility/cookie-sharing.md)
        *   [Replacing <machineKey> in ASP.NET](data-protection/compatibility/replacing-machinekey.md)
*   [Create an app with user data protected by authorization](xref:security/authorization/secure-data)
*   [Safe storage of app secrets during development](app-secrets.md)
*   [Azure Key Vault configuration provider](key-vault-configuration.md)
*   [Enforcing SSL](enforcing-ssl.md)
*   [Setting up HTTPS for development](https.md)
*   [Anti-Request Forgery](anti-request-forgery.md)
*   [Preventing Open Redirect Attacks](preventing-open-redirects.md)
*   [Preventing Cross-Site Scripting](cross-site-scripting.md)
*   [Enabling Cross-Origin Requests (CORS)](cors.md)