Building APIs can be easy, but securing them is hard. We have external and internal applications, APIs, users, and more. Each might use a different authentication and authorization strategy, depending on customer and system needs. The stakes are high and there is no margin for error!

In this talk, we’ll look at the different categories of applications and users, and what possibilities we have for securing them. We’ll also look at what Azure provides for securing internal users and applications, and an external provider such as Auth0 for external users and applications. We’ll also cover different authentication and authorization strategies, and how we can map these to our various communication scenarios.

Finally, we’ll look at a full end-to-end example using .NET 5 and Azure, building out a playbook for the common and not-so-common scenarios we encounter.