You’ve probably seen how a ASP.NET Core application works, but authentication and authorization are a different cup of tea. Microsoft completely re-did a large part of these security features in ASP.NET Core and expanded on that in version 2.ASP.NET Identity enables you to do authentication for a single application and has a lot of ready-to-go features, but isn’t it better to do centralized authentication with a token service? And where do OpenIDConnect and OAuth2 come in? We’ll explore these questions and I’ll explain and show you both ASP.NET Core identity the IdentityServer framework that helps you write a token service.Authorization has undergone a complete overhaul in ASP.NET Core. There’s still the authorize attribute, but the recommended way of using it is by utilizing policies. You’ll see how that works as well.After this session you’ll know what options you have for implementing authentication in ASP.NET Core 2. And you will understand how to implement these options. Also you’ll know how to enforce authorization rules in your ASP.NET Core app.