Authentication in ASP.NET Core is straightforward to get running, but real systems fail in production in ways that are easy to miss in development. Based on the problems I repeatedly see when coaching developer teams and reviewing real applications, this talk covers the most common authentication mistakes and the practical fixes that prevent them.

We will walk through failures such as Data Protection key handling across environments and multi-instance deployments, why users get logged out after redeployments, and cookie pitfalls that lead to unreliable sign-in and sign-out behavior. We will also cover common OpenID Connect integration surprises, including backchannel and metadata behavior during outages and framework upgrades.

The session includes live demonstrations and actionable configuration guidance. You will leave with a clear mental model and practical guidance for architecting and operating ASP.NET Core authentication in production.

The talk will contain a good mix of hands-on demonstrations in code and presentations.

Target audience: ASP.NET Core and .NET Developers.