Speaker

Tore Nestenius

Freelance consultant and trainer

Helsingborg, Sweden

With more than 23 years of professional experience in software development and over a decade specializing in training developers, Tore is a seasoned expert in the industry.

He currently operates as an independent consultant, delivering high-quality training, coaching, and consulting services. His areas of focus include .NET, ASP.NET Core, Software Architecture, Web Security, and Identity Management.

In 1996, Tore launched his first website, which evolved into Programmers Heaven—a web community that attracted a peak audience of over 750,000 visitors per month.

Area of Expertise

  • Information & Communications Technology
  • Physical & Life Sciences

Topics

  • CQRS & Event Sourcing
  • OAuth2
  • OpenID Connect
  • C#
  • .NET
  • .net 6
  • ASP .NET Core
  • Architecture & Design
  • microservices
  • DDD
  • Application Security
  • Identityserver
  • Event Sourcing
  • ASP.NET Core Web API
  • REST API
  • Software Architecture
  • websecurity
  • Web API
  • Observability and performance
  • Observability

HTTP/2 for ASP.NET Core developers

ASP.NET Core has supported HTTP/2 for a long time, and we are using it most of the time when we browse the web today. But what is HTTP/2? How is it different from HTTP/1.1? And what problems does it solve?

In this talk, you will learn what HTTP/2 is and how developers can take advantage of the new capabilities that HTTP/2 brings. At the end of the talk, we will also look ahead at HTTP/3, and what that will bring to us in the future.

ASP.NET Core observability - From health to tracing

Being able to observe your ASP.NET Core services in production effectively is crucial if you want to get a complete picture of the health and activity of your system.

In this session, I will give you an overview of the four pillars of observability: logging, metrics, tracing, and health.

Expect a session with plenty of hands-on demonstrations where we will be using some of the popular observability tools and how we can integrate them in ASP.NET Core.

This talk is an extract from my training class about Observability.

Introduction to OpenID Connect and OAuth

OpenID Connect is the de-facto standard we should use for handling authentication and authorization in modern applications. However, it can still be very complex and confusing with all the various concepts, including scopes, claims, flows, resources, and tokens.

In this one-day workshop, you will learn:

* Authentication vs. authorization
* How OAuth 2.x and OpenID Connect work
* Fundamental concepts
* How a client authenticates against an authorization server
* How to retrieve and consume JWT tokens
* How OpenID Connect fits into your architecture
* How the tokens are secured and managed

This course includes many hands-on exercises that will help you understand how the protocol works under the hood.

The target audience is developers and architects who want to learn the fundamentals and how to protect applications using OAuth2 and OpenID Connect. This workshop focuses on the various standards and protocols, not on a specific implementation or programming language.

Prerequisites
It would be best if you had a good understanding of the following:

* The HTTP(s) protocol (including methods, headers, and cookies…)
* How the web works in general
* Some experience in developing backend web solutions

Agenda
In this course, we will cover the following:

* Introduction
* Token Service
* Implicit flow
* How does this flow work
* JWT tokens
* Claims and scopes
* Securing the token
* Authorization Code Flow
* Client Credentials flow
* Refresh tokens
* Proof Key for Code Exchange (PKCE)
* Backend for Frontend (BFF)
* OAuth 2.1
* And much more…

To facilitate hands-on learning, I provide a cloud-based exercise environment using Azure Cloud VMs. This setup allows participants to connect via remote desktop without needing to install anything locally, making it accessible to anyone with a remote desktop connection.

I will also provide all the exercises in paper form, because having the exercises in digital form will make the workshop experience worse.

Authentication and authorization in ASP.NET Core

Dive into the intricate world of ASP.NET Core's authentication and authorization in this one-day course. While these topics can seem daunting, our goal is to demystify them, laying a strong foundation to secure your applications effectively. By mastering the content of this course, you'll be in an ideal position to move into the world of OpenID Connect and ASP.NET Core Identity.

Please note: this course does not delve into OpenID Connect, OAuth, or ASP.NET Core Identity.

What to expect during the class:
Expect a blend of informative presentations, live demonstrations, and intensive hands-on exercises throughout the course, all updated to align with ASP.NET Core 8's latest features.

Target audience:
Developers and architects keen on mastering the fundamentals of authentication and authorization in ASP.NET Core.

Duration:
1 day

Prerequisites:
To make the most of this course, participants should be familiar with:
* The dynamics of HTTP(s) protocol, including its methods, headers, and cookies.
* A foundational grasp of how the web operates.
* Web and API development leveraging ASP.NET Core.
* Proficiency in C# and .NET.

Agenda:
In this course, we will cover the following:
* Introduction
* The Request Pipeline: From initiation to response.
* Dive into HttpContext and the User Object.
* Understanding ClaimsPrincipal & Claims.
* Authentication
* Exploring Schemes and Handlers.
* Mechanisms of Signing In/Out.
* Cookie authentication
* Unpacking SameSite.
* Cookie Lifespan: Sliding vs. Absolute Expiration.
* Cookie Security
* Data Protection API
* Configuration
* Keys and the keyring
* Claims management
* Authorization
* Policy-based Authorization: From basics to advanced.
* Crafting Simple to Advanced Policies.
* Diving into Requirements and Handlers.
* OpenID Connect
* Introducing OIDC handler
* Securing APIs
* JwtBearer handler

Requires Visual Studio 2022, with .NET 8. This is a 1-day workshop.

Target ASP.NET Core developers.

This is a topic that I have developed many courses in and I also have many Stack Overflow badges in.

Moving to modern C#


Stay ahead of the curve with the rapidly evolving C# language. This one-day workshop is tailored to immerse you in the modern advancements introduced to C# and .NET, empowering you to craft efficient and contemporary applications.

What to expect during the class:
* Engaging lectures updating you on C# 12 and .NET 8 enhancements.
* Live demonstrations elucidating complex topics.
* Hands-on exercises for practical experience and reinforcement.

Duration:
1-day

Target audience
Experienced C# developers who want to learn the new and modern features in C# and .NET.

Prerequisites:
A few years of C# development experience and proficiency in core concepts like generics, lambdas, and LINQ are essential to fully benefit from this workshop.

Agenda
This workshop will cover:
* Source generators
* Ahead-of-time compilation (AOT)
* Value Tuples
* Deconstruction
* Creating value objects using records
* With-expressions
* Value-based equality
* Pattern matching
* is expression enhancements
* Switch expressions
* Property pattern, Tuple pattern, Positional pattern, etc.
* The new TimeProvider type
* Primary constructors
* Collection expressions
* Top level statements
* Namespaces and usings
* global using directives
* Implicit usings
* File scoped namespaces
* Nullability
* Nullable reference types
* Using the ? and ! annotations
* Null operators
* Recent features in Visual Studio
* http files
* Property Innovations:
* Init Properties
* Required members
* Lambda Improvements:
* Local functions
* Expression-bodied members
* And much more!

I have taught C# classes for over 10 years, and all the participants need is Visual Studio 2022 with .NET 8 installed.

Web application security (1-day)

Security is everyone’s job. Developers, service engineers, and program and product managers must understand security basics and know how to build security into software and services to make products more secure while addressing business needs and delivering user value.

In this one-day workshop, we will introduce you to why security is important, how common attacks are executed, and what we, as developers, can do to protect our systems from these attacks.

This workshop contains plenty of hands-on exercises that allow the participant to learn by doing.

After the course
The participant will understand why security is important, how common attacks are carried out, and how to protect your applications against these attacks. During this course, the participant will also understand how the web works and how to think like an attacker.

Target audience
This course targets developers on all platforms, including .NET, Java, JavaScript, and PHP.

Prerequisites
You should understand how the web works and have a basic web development experience, including HTTP, HTML, and JavaScript.

Agenda
* Introduction
* Social engineering
* Encoding
* Unicode
* HTTPS
* XSS - (Cross-Site Scripting)
* CSP - (Content Security Policy)
* CSRF - (Cross-Site Request Forgery)
* Securing our cookies
* Writing more secure code
* OWASP top 10
* OWASP Application Security Verification Standard
* And more…

I have taught this topic/course for over 10 years, and this workshop is based on a 2-day class I have in the topic at https://tn-data.se/courses/web-security-fundamentals/.

The participant only needs to be able to install https://www.telerik.com/download/fiddler to be able to join the class.

The target audience is web developers on all levels who want to get into the fundamentals of web security.

This is a 1-day workshop.

Demystifying authentication in ASP.NET Core

In this talk, we'll explain how authentication works in ASP.NET Core 8, which can be complicated and have many different parts. We'll cover the main ideas, such as schemes, handlers, ClaimsPrincipal, claims, challenges, session cookies, and more. It will be a practical, in-depth look at how authentication actually works in ASP.NET Core 8.

Target audience: ASP.NET Developers who want to learn how authentication works in ASP.NET Core. A mix of presentations, hands-on coding, and live demonstrations.

Asynchronous Programming in C# (workshop)

In today's dynamic software landscape, mastering asynchronous programming is increasingly essential for writing faster, hardware-optimized applications. As multi-core CPUs are now standard, parallel processing is the key to unlocking performance.

This comprehensive two-day course for seasoned C# and .NET developers will cover a wide range of topics, from threads, tasks and async/await to advanced features like task schedulers and asynchronous streams.

Included are plenty of hands-on exercises that enable you to master and apply the concepts of asynchronous programming. By the end of this course, you will understand how to use asynchronous techniques to optimize your applications' efficiency, scalability, and responsiveness.

Audience
Experienced C# developers who want to understand how to correctly write asynchronous programming to enhance their applications using asynchronous and parallel programming.

Prerequisites
To get the most out of this training, participants should have at least one year of experience as a C# developer. A strong understanding of C#, including generics, lambdas, and LINQ, is crucial. Previous experience in parallel or async programming is not required.

Agenda

* Introduction, Processes and Threads
* Thread pool
* Tasks
* Waiting for tasks
* Error Handling in Asynchronous Programming
* Cancelling tasks
* Continuations
* Async - await
* Task Schedulers
* Synchronization contexts
* Value Tasks
* Asynchronous Streams
* and much more.

A more detailed agenda can be provided. This workshop/training class has been delivered multiple times to companies in Sweden. The workshop is a very hands-on workshop with plenty of exercises. I, as a trainer, have +14 years of experience in delivering training to customers.

Building Secure Web Applications: A Hands-on Approach (2-days)

Security is everyone’s responsibility—developers, service engineers, and product managers alike must understand the fundamentals of security. This knowledge helps them build secure software and services that balance business needs and deliver user value.

In this two-day workshop, we’ll explore why security is critical, how common attacks are executed, and what developers can do to protect their systems from these threats.

Participants will engage in hands-on exercises, learning by doing and gaining practical experience in securing web applications.

Target audience
This workshop is ideal for web developers working across various platforms, including .NET, Java, JavaScript, and PHP.

Prerequisites
Participants should have a basic understanding of how the web works and experience in web development, including familiarity with HTTP, HTML, and JavaScript.

In this workshop, we will cover concepts like:

Social Engineering
Securing HTTPS
Unicode
Cross-Site Scripting (XSS)
Preventing XSS with Content Security Policy (CSP)
Cross-Site Request Forgery (CSRF)
Securing your cookies
Same site cookies
Cross-Origin Resource Sharing (CORS)
SQL Injections
Authentication
Application DoS attacks
Securing passwords
Preventing data leaks
Intercepting proxies
Supply-chain attacks
Subresource Integrity

And much more…

I have been teaching this course to companies for over 10 years, and this workshop is identical to the one offered here: Web Security Fundamentals. It is a highly appreciated course.

The workshop is designed for web developers at all skill levels who want to build a solid foundation in web security.

To facilitate hands-on learning, I provide a cloud-based exercise environment using Azure Cloud VMs. This setup allows participants to connect via remote desktop without needing to install anything locally, making it accessible to anyone with a remote desktop connection.

I will also provide all the exercises in paper form, because having the exercises in digital form will make the workshop experience worse.

C# Expert (3-day Workshop)

Expanded with new content and updated for C# 12 and .NET 8, this three-day workshop takes you on an intensive deep dive into the advanced concepts and tools of C# in .NET. Crafted with over 20 years of experience, this course is packed with presentations, live demonstrations and hands-on exercises that equip you with the best practices and tools for making your life easier as a developer, while helping you to create exceptional modern applications.

Who Is This Workshop For?

This course is for developers that want to master the advanced features of C#, enabling them to write applications that deliver more value, performance and scalability using the latest tools and techniques that are being utilized today. The course covers the latest features and inner workings of C# 12 and .NET 8, but is also applicable to developers using older versions of C#.

Prerequisites

This course assumes you have worked as a C# developer for at least a year. You should be comfortable using Visual Studio, Lambda expressions, and LINQ.

What You Will Learn:

About the teacher
Introduction
Source Generators
Visual Studio
Editor Config
Lambda Expressions refresh
Advanced lambda expressions
Optimizing lambda expressions
Value Tuples
Pattern matching
Switch Expressions
Non-nullable reference types
Value objects
Records
From Task to Async/await
Dynamic
Reflection
Event Driven Application
TimeProvider
...

This is a hands-on workshop with about 50% of hands-on exercises and 50% of demonstrations and presentations. I have taught C# for over 10 years professionally to companies, in both Sweden and abroad.

The students only need to have Visual Studio 2022 on their machines.

I will also provide all the exercises in paper form, because having the exercises in digital form will make the workshop experience worse if they just have a single laptop screen.

Top Authentication Fails in ASP.NET Core (and How to Avoid Them)

After writing over 1,000 answers on Stack Overflow, mostly about authentication and OpenID Connect, I've seen the same mistakes and pitfalls appear over and over. In this talk, I'll share some of the most common mistakes developers make when building authentication solutions.

From simple misconfigurations to deeper misunderstandings of protocols and security flows, we'll explore the traps that are all too easy to fall into when working with ASP.NET Core authentication. You'll learn why some common practices are actually anti-patterns, how to avoid opening security vulnerabilities, and what best practices can help you build secure, reliable authentication.

It will also feature live hands-on demonstrations to illustrate these concepts in practice. My experience will help you save time and build secure authentication solutions.

The talk will contain a good mix of hands-on demonstrations in code and presentations.

Target audience: ASP.NET Core and .NET Developers.

Introducing the Azure Cloud Debugging Tool

As I prepared for the AZ-204 certification, I developed a tool designed to aid in learning and troubleshooting Azure projects. In this talk I will be sharing the inspiration behind its creation, the process of building it, and how it can become an invaluable resource in your Azure projects.

AddJwtBearer - deep dive

Most of us use the JwtBearer authentication handler in ASP.NET Core to secure our APIs. But what does it actually do? What makes it tick? What security and reliability considerations should we be aware of when we go to production? And finally, are there any changes in .NET 7? In this presentation, we will try to bring clarity to these questions.

Demystifying authentication in ASP.NET Core (Workshop)

Authentication in ASP.NET Core is a complex beast with many concepts and moving parts. In this session, I will clarify how authentication in ASP.NET Core works and explain the key concepts including schemes, handlers, ClaimsPrincipal, claims, challenges, session cookies, and more. Expect a hands-on deep dive into the world of authentication.

The target audience is ASP.NET Core developers who want to learn the fundamentals of authentication. The material is part of my training classes on the topic.

YouTube - Introducing the Cloud Debugger and DefaultAzureCredentials deep dive [Gregor Suttie]

Did two presentations for Gregor Suttie (Azure Greg)'s YouTube channel.

October 2024

From Code Coverage to Cloud Credentials

Did three talks this evening

Discovering .NET Codebases through Code Coverage
Navigating unfamiliar codebases can be daunting. In this presentation, I'll introduce an innovative approach to exploring new .NET codebases using code coverage analysis. This method provides deeper insights into the structure and behavior of the code, helping you understand and master even the most complex projects.

Passing the AZ-204 Azure developer certification the hard way
I recently earned the AZ-204 (Azure Developer Associate) certification, and in this talk, I'll share my strategy for passing the exam. I'll walk you through my study process, the key resources I used, and the lessons I learned along the way. As a bonus, I'll offer an exclusive sneak peek at CloudDebugging, a tool I developed during my preparation, which I plan to officially unveil next month.

DefaultAzureCredentials Under the Hood
The DefaultAzureCredential class is widely used by .NET developers for Azure authentication, but how does it really function, and when is it the best choice? In this session, we'll delve into its inner mechanics, explore common pitfalls, and discuss best practices for effective usage. We'll also examine alternative approaches that may better suit certain use cases.

October 2024 Göteborg, Sweden

Azure Saturdays - Azure Skåne meetup

Session 1: Introducing the Azure Cloud Debugging Tool
As I prepared for the AZ-204 certification, I developed a tool designed to aid in learning and troubleshooting Azure projects. I’m excited to unveil this open-source tool for the first time in this talk at Azure Skåne. I’ll be sharing the inspiration behind its creation, the process of building it, and how it can become an invaluable resource in your Azure projects.

Session 2: DefaultAzureCredentials Under the Hood
Azure developers often use the DefaultAzureCredential class for authentication, but how does it really work under the hood, and when should we use it? In this presentation, I’ll explore its inner workings, highlight potential challenges, and show you how to use it effectively. We’ll also look at the ChainedTokenCredential class and when it might be a better choice.

October 2024 Malmö, Sweden

Discovering .NET codebases using code coverage

Local user group talk, in my own Meetup that I co-organize.

Discovering .NET codebases using code coverage
Exploring and discovering unfamiliar codebases is always a challenge. In this presentation, I will introduce a novel way to explore a new codebase by looking at the code coverage using NCrunch.NET. Presented by Tore Nestenius

September 2024 Malmö, Sweden

Exploring the Power of Source Generators in C#

Local user group talk, in my own Meetup that I co-organize.

Exploring the Power of Source Generators in C#
This talk introduces Source Generators in C#, a compile-time feature that enhances developer productivity by generating code at compile time. We will explore practical examples to demonstrate how Source Generators can reduce boilerplate, ensure type safety, and improve performance in .NET applications.

June 2024 Malmö, Sweden

An evening about authentication and authorization in .NET

User-group talk in Stockholm

Authentication in .NET
Authentication in .NET is a complex but important part of modern software development. During this evening, Tore Nestenius will take you on a journey through authentication in ASP.NET Core and, from the ground up, explain how the different components work together to provide secure and efficient user management.

May 2024 Stockholm, Sweden

Improving ASP.NET Core Security By Putting Your Cookies On A Diet

Local user group talk, in my own Meetup that I co-organize.

Improve Security in ASP.NET Core by putting your cookies on a diet
The login and logout process in ASP.NET Core has some shortcomings, and in this presentation, we will go through how we can enhance security while slimming down our cookies.

April 2024 Malmö, Sweden

ASP.NET Core Data Protection API under the hood

Local user group talk, in my own Meetup that I co-organize.

The Data Protection API Under the Hood
The DPAPI is one of the fundamental services in ASP.NET Core, and in this presentation, we will cover the basics of how this important service works.

April 2024

Authentication in ASP.NET Core

local user group talk

Authentication in .NET is a complex but essential part of modern software development. During this evening, Tore Nestenius will take you on a journey through authentication in ASP.NET Core and thoroughly explain how the different components interact to provide secure and efficient user management.

The goal is to give you an in-depth tour of the authentication sub-system in ASP.NET Core.

We will touch upon topics such as:

What actually happens when we log in and out?
What is contained in the session cookie?
What happens when we challenge, authenticate, and forbid the user?
What is meant by "schemes," and what controls these?
What are ClaimsPrincipal and claims?
What does the Data Protection API do, and why must we configure this when going into production?
The most common authentication handlers, such as Cookie, OpenID Connect, JwtBearer
The new BearerToken Handler in .NET 8
and much more!

The focus of this presentation is on client authentication in ASP.NET Core. Protocols and concepts such as JWT tokens, OAuth, and OpenID-Connect will not be the focus.

February 2024 Copenhagen, Denmark

Authentication in ASP.NET Core from the ground up, with a conclusion on what's new in .NET 8

Evening talk at the local user group

Authentication in ASP.NET Core from the ground up and what's new in .NET 8 Authentication

November 2023 Göteborg, Sweden

.NET 8 and C# 12 for Azure developers

local user group talk

Topic: .NET 8 and C# 12 for Azure developers
.NET 8 and C# 12 are just around the corner and in this talk we will look at some of the highlights that we as .NET developers on Azure can take advantage of, including:

Ahead-Of-Time (AOT) compilation
Allows us to create smaller applications with faster startup time which can lead to more efficient applications that consume fewer resources. We will examine how this feature will impact the size of container images and deploy an AOT-compiled application as a container to Azure.
What’s new in C# 12
* Primary constructors to simplify your class definitions
* Collection expressions to enhance the way you work with collections.
* TimeProvider to get more control over time-based operations.
Visual Studio 2022
We will look at some of the recently added features in Visual Studio.

Don't miss this opportunity to explore the wonders of .NET 8 and take your .NET skills to the next level.

November 2023 Malmö, Sweden

Unicode Exploits and Cross-Site Request Forgery

Unicode Exploits and Cross-Site Request Forgery

Unicode and encoding

At the lowest level, we have characters, Unicode, and encoding that most of the web is built upon. In this part, you will learn the fundamental concepts involving Unicode and encoding and why emojis and other characters can cause trouble for us in our applications.

Cross-Site Request Forgery (CSRF) attacks and prevention

This is a common attack against our web applications that involves hackers tricking innocent end users into making requests to websites and applications that they’re logged into. In this talk, you will learn how this attack is carried out and what you can do to protect yourself against it. After this talk, you will be more aware of common web security concepts, how Unicode and encoding exploits, as well as CSRF attacks, are executed, and how to protect yourself and your users better. By studying these ideas, you can help make the internet a little more secure.

July 2023 Copenhagen, Denmark
