Pre-Conference Workshop
12. listopadu 2025
Update Conference Prague will be even better in 2025. We've decided to add an all-day workshop with the attractive topic of Building Secure and Scalable Web APIs with ASP.NET 10, which will take place one day before the conference, on Wednesday, November 12, 2025. The workshop will take place in the Virgo hall on the conference floor of the Clarion Congress Hotel Prague. The capacity is limited to 60 attendees.
Chris “Woody” Woodruff is an Architect at Real Time Technologies with nearly 30 years of experience. He’s a recognized expert in software development and architecture, speaks at international conferences, and mentors developers through talks, articles, and online content. He co-hosts the “Breakpoint Show” podcast and YouTube channel and is currently writing a book on network programming with C# and .NET.
Building Secure and Scalable Web APIs with ASP.NET 10
Hands-on Development from Routing to Role-based Security
Description
Web APIs power today's most compelling apps—from eCommerce to mobile experiences—and developers who can build secure, scalable APIs are in high demand. In this hands-on, full-day workshop, you'll learn how to build robust APIs using ASP.NET 10.
Join Chris Woodruff as he guides you through everything from foundational routing and CRUD operations to implementing advanced security practices using OAuth2, JWT tokens, and role-based authorization. You'll explore the critical security layers that protect your API, how to test them , and how to optimize performance through caching and clean architecture.
Build alongside Chris as you create a secure eCommerce API from scratch—complete with customer orders, sales rep assignments, and protected endpoints.
Target Audience
Intermediate to Advanced .NET Developers looking to strengthen their ASP.NET Web API skills with a focus on security and best practices.
Takeaways
By the end of this workshop, you'll be able to:
- Build production-grade Web APIs with ASP.NET 10 using a secure and modular architecture.
- Secure APIs using JWT, role-based access control, and ASP.NET Identity.
- Protect against common vulnerabilities and apply modern security standards.
- Optimize APIs through caching, dependency injection, and separation of concerns.
- Write effective integration and unit tests for robust API delivery.
Schedule
9:00 – 9:15 AM – Welcome & Setup
Environment check, intro to the workshop goal: Secure eCommerce API
9:15 – 10:30 AM – Session 1: Routing, Controllers, and Dependency Injection
• Attribute routing
• Controller structure
• Built-in dependency injection
• Hands-on: Create your first routes and endpoints
10:30 – 10:45 AM – Break
Short break.
10:45 – 12:00 PM – Session 2: Data Models, EF Core, and CRUD
• Designing domain models
• EF Core basics
• Validation and model binding
• Hands-on: Implement Create, Read, Update, Delete logic
12:00 – 1:00 PM – Lunch Break
Time to refuel and network.
1:00 – 2:15 PM – Session 3: Authentication Deep Dive
• ASP.NET Identity overview
• Cookie-based auth vs. Token-based auth
• Implementing JWT authentication
• Hands-on: Secure your API with JWT
2:15 – 3:30 PM – Session 4: Authorization & Role-Based Access Control
• [Authorize] attribute and policies
• Role-based claims and scopes
• Protecting sensitive endpoints
• Hands-on: Create user roles and restrict access
3:30 – 3:45 PM – Break
Short break.
3:45 – 4:45 PM – Session 5: API Security Best Practices
• Secure headers (CORS, CSP, etc.)
• HTTPS enforcement
• Rate limiting and throttling
• OWASP top threats and mitigations
• Hands-on: Apply security middleware
4:45 – 5:30 PM – Session 6: Testing, Optimization, and Caching
• Unit/integration testing (xUnit/MSTest)
• Using Postman and Swagger for testing
• Output caching and in-memory caching
• Hands-on: Write tests and add caching strategies
5:30 – 6:00 PM – Wrap-up & Q&A
• Review complete API architecture
• Deploying securely to the cloud
• Resources and next steps
Zaujala Vás nabídka? Registrujte se ihned!
Existují dvě možnosti účasti na kurzu .NET Modernization Tomáše Hercega. Můžete se registrovat odděleně od vstupenky na konferenci (pokud jste se již na konferenci registrovali dříve), nebo se můžete registrovat na workshop i na konferenci dohromady.
Speciální balíček zahrnující Regular vstupenku na oba dny konference Update Conference Prague 2025 a také vstup na pre-conference workshop (středa, 12. listopadu).
Pokud již máte zakoupenou vstupenku na Update Conference Prague 2025 a chcete se zúčastnit workshopu 12. listopadu, uveďte při nákupu workshopu do poznámky číslo objednávky vaší vstupenky na konferenci.
Více informací o vstupenkách na workshop nebo konferenci najdete v sekci Vstupenky.