A practical look at security and identity in ASP.NET Core and Entity Framework Core

This is a talk about what happened when a client asked me to build a big, multi-tenant web application, and they said “we have quite a complex set of rules on what our user can do”. That turned into quite a journey.

In this session I will take you through the design we used to get ASP.NET Core and Entity Framework Core to provide both feature-level authorization (e.g. controlling which Web APIs/pages the user can access) and data-level authorization (i.e. controlling which data they can see).