A conference talk transcript covering passwordless authentication using passkeys in ASP.NET Core. It explains the problems with traditional passwords and MFA, then walks through the cryptographic foundations of passkeys (public/private key pairs, phishing resistance, session replay prevention), and the FIDO Alliance standards behind them. The talk demonstrates the built-in passkey support in .NET 10's Blazer template with ASP.NET Core Identity, showing registration and login flows, the navigator.credentials API, and how challenge state is stored in cookies. Deployment considerations include domain/origin binding, subdomain handling, multi-domain setups, recovery strategies, and the well-known passkey endpoints for password manager integration.
Sort: