In this chapter, we learnt about both the ASP.NET Core Identity and IdentityServer4 security frameworks to handle both easy and complex types of scenarios, how to customize and extend the existing Identity model using Entity Framework Core, and used middleware to authenticate users using Facebook, 2FA, and OpenID Connect. Moreover, we developed a basic Central Authentication System (CAS) that provides multiple applications to connect using the same protocol and enables single sign-on. We also learnt different techniques of securing Web API and MVC controllers and actions through attributes and imperatively by writing custom code. Finally, we discussed how to store application secrets using user secrets.