---
title: "How Usernames and Passwords Got so Complicated"
description: "Explore the complexities of authentication and how to solve them on this stream from .NET Conf 2019."
authors:
  - name: "Ramiro Nunez Dosio"
    url: "https://auth0.com/blog/authors/ramiro-nunez-dosio/"
date: "Oct 14, 2019"
category: "Developers,Deep Dive,Username & Password"
tags: ["username", "password", "net", "dotnetconf", "authentication", "authorization", "login", "web-app"]
url: "https://auth0.com/blog/how-username-password-got-so-complicated-dotnetconf-2019/"
---

# How Usernames and Passwords Got so Complicated



.NET Conf 2019 was an exciting and unique event that took place this year from September 23 — 25. It is a free, 3-day virtual conference co-organized by the .NET community and Microsoft. Anyone with an Internet connection was able to attend.

## .NET Conf 2019: A Virtual Conference

This year the conference saw the [launch of .NET Core 3.0](https://auth0.com/blog/exploring-dotnet-core-3-whats-new/), offered prizes to attendees such as free Xbox One X consoles, and hosted talks from a world-class lineup of speakers from Microsoft and the community.

Our own [Developer Advocate Engineer Bobby Johnson](https://auth0.com/blog/authors/bobby-johnson/) gave a talk focused on exploring how the username-password strategy got so complicated over time. Bobby shows you how overwhelming it can be to take your first step beyond username and password-based authentication strategies, which are the default authentication strategies offered by most full-stack web application frameworks.

Social logins, Identity Providers, OAuth 2.0, LDAP, SAML, OpenId Connect; all can be confusing. What does it all mean? How did we get here? Watch Bobby's talk to find out:

<AmpContent>
  <amp-iframe width="480" height="270"
    sandbox="allow-scripts allow-same-origin"
    layout="responsive"
    frameborder="0"
    src="https://www.youtube.com/embed/ga3u_4B7_Bw?start=69">
  </amp-iframe>

</AmpContent>

<NonAmpContent>

  <iframe width="560" height="315" src="https://www.youtube.com/embed/ga3u_4B7_Bw?start=69" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

</NonAmpContent>

<include src="ProfileCard" picture="https://cdn.auth0.com/blog/auziros/bobby-johnson.png" name="Bobby Johnson" title="Developer Advocate Engineer" team="Technical Experience" location="Washington, United States" body="Attending .NET Conf 2019 and collaborating with the Channel 9 team was an awesome experience. They were very professional and the event ran like clockwork."/>

The organizers have made all the sessions available [on-demand on YouTube](https://www.youtube.com/user/VisualStudio). Be sure to check them out.

## More Resources

- [.NET Conf 2019 Official Site](https://www.dotnetconf.net/)

- [Bobby's Twitch Channel](https://www.twitch.tv/iamnotmyself/): Streams three times per week!

- [The Live Coders' Twitch Channel](https://livecoders.dev/): Enthusiastic streaming developer community with members who participated in .NET Conf 2019 as organizers or attendees.

- [Exploring .NET Core 3.0. What's New?](https://auth0.com/blog/exploring-dotnet-core-3-whats-new/)

- [Building and Securing Web APIs with ASP.NET Core 3.0](https://auth0.com/blog/how-to-build-and-secure-web-apis-with-aspnet-core-3)

## Aside: Securing ASP.NET Core 3.0 with Auth0

Authentication and authorization are hard but securing ASP.NET Core 3.0 applications with Auth0 is easy and brings a lot of great features to the table. With [Auth0](https://auth0.com/), you only have to write a few lines of code to get solid [identity management solution](https://auth0.com/user-management), [single sign-on](https://auth0.com/docs/sso/single-sign-on), support for [social identity providers (like Facebook, GitHub, Twitter, etc.)](https://auth0.com/docs/identityproviders), and support for [enterprise identity providers (like Active Directory, LDAP, SAML, custom, etc.)](https://auth0.com/enterprise).

<AmpContent>
<amp-youtube
    data-videoid="U3NDciLTTgI"
    layout="responsive"
    width="480" height="270">
</amp-youtube>

</AmpContent>

<NonAmpContent>

<iframe width="560" height="315" src="https://www.youtube.com/embed/U3NDciLTTgI" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

</NonAmpContent>

On ASP.NET Core 3.0, you need [to create an API in your Auth0 Management Dashboard](https://auth0.com/docs/apis) and change two things on your code. To create an API, you need to <a href="https://auth0.com/signup" data-amp-replace="CLIENT_ID" data-amp-addparams="anonId=CLIENT_ID(cid-scope-cookie-fallback-name)">sign up for a free Auth0 account</a>. After that, you need to go to [the API section of the dashboard](https://manage.auth0.com/#/apis) and click on "Create API". On the dialog shown, you can set the _Name_ of our API as "Books", the _Identifier_ as "http://books.mycompany.com", and leave the _Signing Algorithm_ as "RS256".

![Creating API on Auth0](https://images.ctfassets.net/23aumh6u8s0i/EqGkwFxCdRtjWblGcRHo8/4d14728749a8c8db52447c6a4f62713d/creating-api-on-auth0)

After that, you have to add the call to `services.AddAuthentication` in the `ConfigureServices` method of `Startup`:

```csharp
string domain = $"https://{Configuration["Auth0:Domain"]}/";
services.AddAuthentication(options =>
{
  options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
  options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
  options.Authority = domain;
  options.Audience = Configuration["Auth0:Audience"];
});
```

You also need to add an invocation to `app.UseAuthentication()` in the body of `Configure()` method of `Startup`.

And add the following element to `appsettings.json`:

```json
{
  "Logging": {
    // ...
  },
  "Auth0": {
    "Domain": "bk-samples.auth0.com",
    "Audience": "http://books.mycompany.com"
  }
}
```

> **Note** that the domain, in this case, **has to be changed** to the domain that you specified when creating your Auth0 account.