Session
Getting Authorization Right in .NET: Patterns, Pitfalls, and Practical Guidance
Authentication gets the spotlight, but authorization is where real access control happens—and getting it right is critical for secure and maintainable applications. This session dives deep into modern authorization patterns in .NET, helping you move beyond if(user.IsInRole()) to scalable, flexible, and secure designs using fine-grained authorization patterns.
The session will cover:
* The built-in authorization model in ASP.NET Core, including policies, roles, and claims
* Attribute-based vs. resource-based authorization
* Custom policy and handler development
* Managing fine-grained permissions across microservices and APIs
* Externalizing authorization decisions using centralized authorization systems
* Best practices for combining authentication (OIDC / OAuth2) with robust authorization logic
* Common pitfalls—like hardcoding roles or overloading claims—and how to avoid them
This session will equip you with the patterns and practices to build secure, testable, and future-proof authorization in .NET.

Michele Leroux Bustamante
CEO, Solliance Inc; Founder PolicyServer; Cloud / Security Architect; Microsoft RD
San Diego, California, United States