ASP.NET Core and MVC have brought many changes to how ASP.NET developers write web applications. Security, as always, is an important part of any platform. In this session we will see how some aspects of security in ASP.NET Core will look familiar to the prior versions, but other features are brand new in an attempt to improve on the approaches from the past. We will start by looking at how authentication middleware manages user authentication. We will then turn to how authorization is handled with the new and powerful policy-based architecture. Finally we will see how applications manage secrets and security keys which are vital to the secure operation of any application. This session will bring you up to speed on everything you need to know about the security features in ASP.NET Core.