I was fortunate enough to catch a two-day deep dive of Identity Servers and .NET Core presented by Brock Allen at DEVIntersection last fall and have been playing with it here and there for the last six months. I'm finding myself becoming more and more obsessed with ensuring projects are locked down from folks at badguy.com. While there are many vectors of attack, basic user authentication is a first line of defense in any system, and I've come a long way from my first stab at basic locking down of an API.
After working with Identity, OpenID Connect, and JSON Web Tokens for a few months, I offered to talk at this month's WVSE Meetup. I'll parse out the major parts of it in future posts, but my presentation and sample code can be found on GitHub.