Developers’ perception of security concerns can range from true love to pure evil. In some organizations, security is a checklist that happens after an application has been developed, and in others it is such a burden that it often doesn’t get done properly or is simply skipped altogether.
When building applications for the cloud—applications built around the assumption that they might not run on infrastructure you own—security cannot be an afterthought or some mindless checkbox on a to-do list. Security must be a first-class citizen in all development efforts for user-facing applications and services alike.
In this chapter we’ll discuss security topics as they relate to cloud-native applications and develop samples that illustrate some ways we can secure our ASP.NET Core web applications and microservices.
Securing applications that run at scale in the cloud is not as straightforward as it is when you deploy applications to a local data center where you have full control over the operating system and the installation environment.
In this section, we’ll cover some of the main issues that developers often run into when trying to adapt their existing ASP.NET skills or legacy codebases to running securely in the cloud. Some of these problems might be obvious (like the lack of Windows authentication), whereas others are more subtle.
Intranet applications are everywhere and are often ...