dotnet-api-security
Installation
SKILL.md
dotnet-api-security
API-level authentication, authorization, and security patterns for ASP.NET Core. This skill owns API auth implementation: ASP.NET Core Identity configuration, OAuth 2.0/OIDC integration, JWT bearer token handling, passkey (WebAuthn) authentication, CORS policies, Content Security Policy headers, and rate limiting.
Scope
- ASP.NET Core Identity configuration and Identity API endpoints
- OAuth 2.0 / OpenID Connect integration with external providers
- JWT bearer token authentication and policy-based authorization
- Passkey / WebAuthn authentication (.NET 10)
- CORS policies and Content Security Policy headers
- Rate limiting middleware (fixed window, sliding window, token bucket, concurrency)
Out of scope
- OWASP Top 10 mitigations and deprecated security patterns -- see [skill:dotnet-security-owasp]
- Secrets management and secure configuration -- see [skill:dotnet-secrets-management]
- Cryptographic algorithm selection -- see [skill:dotnet-cryptography]
- Blazor auth UI components -- see [skill:dotnet-blazor-auth]