Looks at an example for storing sensitive configuration in Azure Key Vault, and connecting it to the ASP.NET Core configuration pipeline.
How to make authentication handlers in ASP.NET Core 2.0, and walks through a naive implementation for HTTP Basic authentication.
How to add custom claims such as roles to a user after they sign in. OpenID Connect and JWT Bearer token authentication used as examples.
How authentication can be required globally, as well as how to apply a different authorization policy on different parts of the app automatically.
Control from where resources are allowed to load on your ASP.NET Core site
How can you protect your app from possible Certificate Authority compromise?
Shows how you can make sure your site is (almost) always accessed over a secure connection
How to make sure all requests hitting an ASP.NET Core app are done over a secure channel.