Ever had to add the ability to your ASP.NET Core web application to authenticate users? Or built an API that needs to verify it's being called by the right clients? Be honest: did you fully understand what you were doing, or did you just copy-paste some code from StackOverflow or your favorite AI assistant and hope for the best?

In this session, I'll explain how authentication actually works in ASP.NET Core from start to finish. We'll begin with configuring the middleware, explore how authentication schemes are selected, and dig into handlers, tokens, cookies and headers.

Bring your questions, and leave your fear of AddAuthentication() behind!