Securing ASP.NET using OpenID Connect and IdentityServer

Today we are facing many authentication and authorization challenges regarding designing and developing modern applications. The requirements are more challenging than ever, especially when we need to support everything from mobile and SPA applications to microservices in the cloud.

OpenID Connect is the de-facto standard that we should use for handling authentication and authorization in modern applications today, but at the same time it can be very confusing with all the various concepts, including scopes, claims, flows, resources and tokens.

In this course you will learn:

  • How OAuth and OpenID Connect work in detail
  • How to set up your own instance of IdentityServer
  • How to secure your ASP.NET Core applications using OpenID Connect and IdentityServer

When we go through these things, we will not just configure various magic libraries; instead, we will take a look under the hood of OpenID Connect and IdentityServer to really understand what makes them tick.

We recommend that you have a good computer that can run multiple instances of Visual Studio and at least one big monitor. In this course we use ASP.NET Core 5 and IdentityServer 5.

After this course, we recommend that you take a look at the course IdentityServer in Production, where we will teach you how to create a real production-ready set-up of IdentityServer.

This course contains a lot of hands-on practical exercises where you will learn how to work with OpenID Connect and the latest version of Duende IdentityServer.

Target audience

ASP.NET Core developers who want to learn the fundamentals of OpenID Connect and how to protect applications using the latest version of IdentityServer. If you are using version 4.x of IdentityServer, then this course is still very relevant as most things in this course are the same.


Basic knowledge of

  • ASP.NET Core (e.g. our ASP.NET Core fundamentals course)
  • C# (LINQ / Lambda…)
  • The HTTP(S) protocol and how the web works in general
  • HTML


3 days.


In this course we will cover:

  • OAuth 2.1 / OpenID Connect
  • Certificates and HTTPS
  • Token services
  • Duende Identity Server v5.x
  • JSON Web Tokens (JWT)
  • Scopes and claims
    • Identity resources
    • API resources
    • APIScopes
  • Securing the tokens
  • Cross-origin resource sharing (CORS)
  • Flows
    • Implicit flow
    • Authorization code flow
    • Client credentials flow
  • Proof Key for Code Exchange (PKCE)
  • External identity providers
  • Application types:
    • Web applications
    • SPA and mobile applications
    • Server-to-server communication
  • ASP.NET Core
    • Authentication
    • Data protection API
    • Cookie authentication
    • Authorization
    • OpenID Connect
    • Claims transformations

And much more…

Securing ASP.NET Using OpenID Connect and IdentityServer

Article SKU

3 days


English, Swedish

Contact me for a price enquiry or to submit interest.

Training FAQs

Do you provide both on-site and remote training classes?

Yes, we provide both types of training.

Do you provide training in both Swedish and English?

Yes, both options are available. All our course materials are in English and we can teach the class in either Swedish or English.

Do you do half-day training?

When we run on-site, we usually do full-day classes. For remote training, we can provide options for both half and full days.

Do you do webinars and shorter talks?

Yes, please visit our Talks page for more details.

Do you provide customized courses?

Yes we do that. Contact me for more information.