Security defaults that belong in every ASP.NET Core application from day one.
{
  "instruction": "Configure authentication and authorization with proper middleware ordering",
  "relevant_when": "Agent creates or modifies an ASP.NET Core application that has any protected endpoints or user-specific data",
  "context": "ASP.NET Core requires UseAuthentication() before UseAuthorization() in the middleware pipeline. Define authorization policies with FallbackPolicy requiring authenticated users by default, and use [AllowAnonymous] for explicitly public endpoints. Never hardcode JWT secrets in source code.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/aspnet-security-basics/SKILL.md",
      "tile": "tessl-labs/aspnet-security-basics@0.2.0"
    }
  ],
  "checklist": [
    {
      "name": "auth-middleware-order",
      "rule": "Agent calls UseAuthentication() before UseAuthorization() in the middleware pipeline",
      "relevant_when": "Agent creates or modifies an ASP.NET Core application with authentication"
    },
    {
      "name": "authorization-policies",
      "rule": "Agent defines authorization policies or uses FallbackPolicy to require authentication by default",
      "relevant_when": "Agent creates or modifies an ASP.NET Core application with protected endpoints"
    },
    {
      "name": "no-hardcoded-secrets",
      "rule": "Agent does not hardcode JWT keys, connection strings, or other secrets in source code -- uses Configuration, environment variables, or User Secrets instead",
      "relevant_when": "Agent creates or modifies an ASP.NET Core application"
    }
  ]
}