Explore the advanced security features of ASP.NET Core 2.2 and 3.0 for building secure web applications and APIs in this comprehensive conference talk. Delve into standards-based authentication, single sign-on, and API security, with a focus on the integration of IdentityServer4 in project templates. Learn about hosting options, Kestrel, runtime considerations, machine keys, and the Data Protection API. Discover the authentication system, session management, cookie handling, and external authentication using OpenID Connect. Gain insights into API indication, authorization policies, claims requirements, resource-based authorization, and ASP.NET Identity. Through demonstrations and in-depth explanations, master the tools and techniques necessary to create robust, secure web applications and APIs using the latest ASP.NET Core features.