Secure Your APIs: JWT, Roles & Policies in ASP.NET Core
Important Introduction
About This Course
Telegram Group for This Course
Introduction - Course Orientation (Continuation Mode)
How This Course Continues From Course #1 - Introduction to RESTful APIs? (16:52)
Running & Verifying the Existing Student API (21:14)
Security Upgrade Roadmap (25:15)
Module 1 – Security Audit (Why the Current API Is Unsafe)
Security Audit – Attacking the Existing Student API (39:22)
Quiz – Security Audit: Attacking the Existing Student API
Defining Security Boundaries for Student Endpoints (24:35)
Quiz – Defining Security Boundaries for Student Endpoints
Security Maturity Levels (Self-Read)
Security Maturity Levels
Quiz - Security Maturity Levels
Common API Security Myths (That Break Real Systems)
Common API Security Myths (That Break Real Systems)
Quiz - Common API Security Myths
Module 2 - Encoding vs Encryption vs Hashing – Explained
Encoding vs Encryption vs Hashing (13:19)
Encoding (28:29)
Encoding Demo (.NET) – Encoding ≠ Security
Encryption (25:52)
Encryption Demo (.NET) – Protecting data that must be read again
Hashing (27:25)
Quiz – Encoding vs Encryption vs Hashing
Salting & Slow Hashing (Defending Against Real Attacks) (25:03)
Hashing Demo (.NET) – Protecting secrets that must never be revealed
Quiz – Salting & Slow Hashing (Defending Against Real Attacks)
Module 3 – Basic Shield (HTTPS + CORS)
HTTPS for Beginners (32:12)
Quiz - HTTPS for Beginners
Enforcing HTTPS (22:55)
Quiz - Enforcing HTTPS in ASP.NET Core
CORS for Beginners (32:14)
Quiz – CORS for Beginners
ASP.NET Core CORS Configuration (31:54)
Quiz – ASP.NET Core CORS Configuration
Where We Are Now – And Why We Must Continue
Module 4 – Authentication with JWT (Core Module)
Why Authentication Is Needed Now? (20:25)
Quiz – Why Authentication Is Needed Now?
JWT Explained (Student Identity Analogy) (10:48)
Quiz – JWT Explained (Student Identity Analogy)
JWT Structure - Header, Payload & Signature Explained (9:00)
Quiz – JWT Structure: Header, Payload & Signature
Preparing Student Data for Login (In-Memory DB) (21:55)
Login Endpoint – Verifying Passwords & Issuing JWT (39:24)
Protecting Student Endpoints with JWT Authentication Middleware (14:47)
Testing Secured APIs with Swagger (JWT Authorization) (6:13)
Testing Secured Student API Using a C# Console Client (7:42)
Where You Are Now – And What Comes Next (7:21)
Module 5 – Authorization with Roles (Admin vs Student)
Role-Based Authorization – What Can Students and Admins Do? (13:02)
Implementing Role-Based Authorization in the Student API (13:07)
Module 6 - Ownership Rules (Policies)
Ownership-Based Authorization – Is This Your Data? (15:26)
Implementing Ownership Checks in the Student API (12:16)
Quiz – Ownership-Based Authorization
Answering: What is middleware?
Answering: Can I save a lot of permissions in the token? Is it safe? (7:35)
Policy-Based Authorization & Advanced Rules (26:16)
Applying Policies Across the Student API (Self-Read)
Quiz – Policy-Based Authorization & Advanced Rules
Module 7 - Production Hardening
Production Hardening - Making the API Survive Reality (Self-Read)
7.1 - Token Expiration & Refresh Tokens
Token Expiration & Refresh Tokens (42:47)
Quiz – Token Expiration & Refresh Tokens
Implementing Refresh Tokens (25:52)
Implementing Refresh Tokens on the Client Side (10:38)
7.2 - Brute-Force & Abuse
What Brute-Force Attacks Look Like? (10:45)
How Attackers Abuse Login Endpoints? (8:30)
Why Authentication Without Limits Is Dangerous? (11:18)
Quiz – Preventing Brute-Force & Abuse
7.3 - Abuse Protection (Rate Limiting)
Rate Limiting – Protecting Login & Refresh Endpoints from Abuse (18:12)
Quiz – Rate Limiting: Protecting Login & Refresh Endpoints from Abuse
Implementing Rate Limiting in the Student API (10:54)
Testing Rate Limiting in the Student API (Fixed Window + Per IP + 429) (8:38)
C# Console Rate Limit Tester (Self-Read)
Advanced Rate Limiting Strategies (Self-Read)
7.4 - Logging & Auditing (Security Visibility)
Logging, Auditing & Monitoring (Making Your API See, Trace, and Defend Itself) (32:14)
Quiz – Logging, Auditing & Monitoring
Logging & Auditing – Seeing and Tracing Security Events
Logs as a Security Feature
Logging Failed Logins
Auditing Admin Actions
Avoiding Sensitive Data Leaks in Logs
Security Alerts & Monitoring
Implementing Secure Logging & Auditing in the Student API (27:11)
7.5 - Secret Protection - Storing the Security Key (Secrets Management)
Why the JWT Security Key Must Never Leave the Server?
What If the Server Gets Hacked?
Storing the Security Key – Where Is the Safest Place?
Storing the JWT Security Key Using Environment Variables
Storing the JWT Security Key Using Azure Key Vault
Using Azure Key Vault to Store the JWT Security Key (Step-by-Step)
7.6 – Thinking Like an Attacker (Reality Check)
Thinking Like an Attacker (Reality Check)
Why frameworks don't save you from logic flaws
Real-world authorization mistakes
Why "works as designed" can still be insecure
Module 8 – Final Review (Production-Ready API)
Final Review – From Open API to Production-Ready Security
What Comes Next (Advanced Security Courses)
Encryption