The Data Protection API protects authentication cookies, antiforgery tokens, and other sensitive data in ASP.NET Core. It often “just works” in development, but in production it can cause broken logins and random sign-outs after redeployments or when scaling out behind a load balancer.

This session explains Data Protection from a production-first perspective. We will cover how key rings are created and rotated, why multi-instance setups fail, how purpose strings affect isolation and interoperability, and how to safely share authentication cookies across services.

You will leave with a clear understanding of how ASP.NET Core applications behave in production and what is required to run Data Protection reliably at scale.

Presentation with slides and live demos, taught at user-groups before. Target audience ASP.NET Core Developers running things in production.