Getting Authorization Right in .NET: Patterns, Pitfalls, and Practical Guidance - Michele Bustamante

Getting Authorization Right in .NET: Patterns, Pitfalls, and Practical Guidance - Michele Leroux Bustamante

This talk was recorded at the Lisbon Exhibition and Congress Centre in Lisbon, Portugal. #azuredevsummit #ndcconferences #techorama #microsoft #developer #softwaredeveloper

Subscribe to our other YouTube channels and learn every day:

Follow ‪@NDC‬

https://ndcconferences.com/
  / ndcconferences  
  / ndc_conferences  
  / ​  

Follow ‪@techorama-conf‬

https://techorama.be/
  / techorama  
  / techorama_conf  
https://x.com/techoramaBE

#dotnet #architecture #security #aspdotnetcore #api #microservices

Authentication gets the spotlight, but authorization is where real access control happens—and getting it right is critical for secure and maintainable applications.

This session dives deep into modern authorization patterns in .NET, helping you move beyond if(user.IsInRole()) to scalable, flexible, and secure designs using fine-grained authorization patterns.

The session will cover:
The built-in authorization model in ASP.NET Core, including policies, roles, and claims
Attribute-based vs. resource-based authorization
Custom policy and handler development
Managing fine-grained permissions across microservices and APIs
Externalizing authorization decisions using centralized authorization systems
Best practices for combining authentication (OIDC / OAuth2) with robust authorization logic
Common pitfalls—like hardcoding roles or overloading claims—and how to avoid them

This session will equip you with the patterns and practices to build secure, testable, and future-proof authorization in .NET.