How does security work in ASP.NET Core? Carl and Richard talk to Roland Guijt about the security features of ASP.NET Core - many of which are the same as the original .NET, but there are some significant changes! The conversation starts out dealing with the idea that retrofitting security at the end of a project is fraught with perils that ultimately endanger your application and users. It's worth taking some time to figure out how security is going to be part of your app from the beginning. Roland talks about what makes sense to build directly into your ASP.NET Core app and what can be externalized with tools like Identity Server. And there are claims - lots of claims!