This course will demonstrate how to secure an existing ASP.NET Core Web API with CRUD on the SQL Server database using Azure Active Directory. The application will be deployed to Azure (App Service and SQL database). Then, we will learn how to enable different authorization approaches and use authentication via Azure Active Directory. We will discuss using Microsoft Identity Library and consuming Web API from the React application.
The second day will focus on React application. We start with fundamentals and discuss tools and the app structure. Then we review the most essential elements, including components, state management, and hooks.
With all this, we can implement the typical SPA React application, which securely accesses the ASP.NET Core Web API to perform CRUD operations. Finally, we will discuss yarn, upgrade approaches, additional tools, advanced patterns, and best practices.
If time permits, we will see how to use Docker with ASP.NET Core Web API to automate further and scale the backend deployments.
Day 1
Introduction:
Visual Studio Code and development environment (.NET 6 or 7 or 8, Node.js)
az and azd and CloudShell
(optionally) Docker
A starting point: ASP.NET Core Web API with CRUD on the SQL Server database deployed to Azure App Service
Authorization
Simple authorization
Role-based authorization
Claims-based authorization
Policy-based authorization
Authorization policy providers
Authentication:
Authentication in ASP.NET Core
Authentication in single-page application (React)
App registration in Azure for ASP.NET Core and SPA
Azure Active Directory
Authentication options
Microsoft Identity Library (MSAL)
Manage tokens and sessions
Day 2
React app structure, tools, bundling, and profiling
Components
Properties, events, conditional rendering
Render and commit
State management and structure, sharing state between components, and passing data
Reducer and context
Hooks
Formik vs. React Form Hook
Day 3:
Common use cases:
A SPA client app consuming the ASP.NET Core Web API
Table with filter client and server side.
Fetching data approaches
Data validation
Advanced patterns and best practices
Upgrade and migration
Discuss yarn:
Commands
project.json and yarn lock file
audit, up, upgrade, upgrade-interactive, outdated, and run
How to keep up to date
Dependabot
Summary and conclusions