Step 05 of 10 · 2 weeks · advanced

Step 5: Design Authentication

Plan the move from Windows Authentication (typical for WinForms) to web auth (OAuth / JWT via an IdP).

What you're doing in this step

Decide on the IdP (Azure AD / Auth0 / Okta / IdentityServer / ASP.NET Core Identity), plan password / role / SSO migration, and design the MFA experience.

Recommended prompts

Use one of these to do the work in your IDE

Open the template to read it in full. Click Copy prompt to grab it (with your stack values pre-filled where they apply) — then paste into Claude Code, Cursor, or wherever you build.

Primary recommendation · 1 day

Authentication Migration Strategy (.NET Forms Auth → JWT/OAuth)

Migrate from legacy .NET authentication (Forms Auth, Windows Auth, custom) to modern JWT/OAuth without breaking existing users.

dotnet

Template · 45 min

Authentication Setup (OAuth + JWT)

Implement production-grade authentication with OAuth providers, JWT sessions, role-based access, and secure refresh flows.

Use this when: You've made the IdP decision and need the implementation template

nodejs, typescript, nextjs

Recommended skills

Drop these into Claude Code for this phase

Skills auto-trigger on the right kind of request. Install once; they apply to every prompt that fits.

Skill · 5 min setup

Migration Planner Skill

Flagship migration skill that walks Claude Code through audit → strategy → slicing → cutover for any legacy system migration.

claude-code
Recommended MCP configs

Wire these tools into Claude Code first

MCP servers give Claude Code direct access to external systems (Jira, browsers, databases). Configure once.

MCP config · 5 min setup

Filesystem MCP for Evoke

Pre-configured filesystem MCP server for Claude Code — safe, scoped read/write access to project files.

claude-code, mcp

When you're done

Verify these in your own work before moving on

This is a checklist for you to mentally tick off in your repo and IDE — the site doesn't track it, you do.

  • Auth strategy documented at /docs/migration/auth-strategy.md
  • Identity provider chosen with rationale
  • User-identity migration plan (if moving from AD)
  • Role / permission mapping designed (AD groups → JWT claims)
  • MFA strategy
  • Logout / session-timeout policies
Common pitfalls

What goes wrong at this step

  • Trying to keep Windows Auth — possible with Kerberos middleware but complicated; usually better to move to OAuth
  • Rolling your own IdP — almost always wrong; use Azure AD / Auth0
  • Forgetting role mapping — Windows AD groups don't automatically translate to JWT roles
  • No MFA plan — internal apps suddenly facing the internet need MFA
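
The role-mapping pitfall above, as an added example (not part of the playbook or its templates): an explicit, deny-by-default translation from AD group identifiers to application role claims in C#. It assumes the IdP emits group identifiers in a `groups` claim; `GroupRoleMapper` and the group and role names are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class GroupRoleMapper
{
    // Constructed mapping: group and role names are hypothetical placeholders.
    private static readonly Dictionary<string, string[]> GroupToRoles =
        new(StringComparer.OrdinalIgnoreCase)
        {
            [@"CORP\Orders-Admins"] = new[] { "orders.admin", "orders.read" },
            [@"CORP\Orders-Users"] = new[] { "orders.read" },
        };

    // Returns a copy of the principal whose role claims come only from mapped groups.
    // "groups" as the claim type is an assumption; use whatever your IdP emits.
    public static ClaimsPrincipal Apply(ClaimsPrincipal principal, string groupClaimType = "groups")
    {
        if (principal.Identity is not ClaimsIdentity source || !source.IsAuthenticated)
            return principal;

        var identity = source.Clone();
        // Discard role claims that arrived with the token: roles are granted here only.
        foreach (var stale in identity.FindAll(identity.RoleClaimType).ToList())
            identity.RemoveClaim(stale);

        // Unmapped groups grant nothing (deny by default); duplicate roles collapse.
        var roles = identity.FindAll(groupClaimType)
            .SelectMany(g => GroupToRoles.TryGetValue(g.Value, out var r) ? r : Array.Empty<string>())
            .Distinct(StringComparer.Ordinal)
            .ToList();
        foreach (var role in roles)
            identity.AddClaim(new Claim(identity.RoleClaimType, role));

        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Constructed token contents: one mapped group, one unmapped group,
        // and a role claim that did not come from the mapping.
        var token = new ClaimsIdentity(new[]
        {
            new Claim("groups", @"corp\orders-users"),
            new Claim("groups", @"CORP\Domain Users"),
            new Claim(ClaimTypes.Role, "orders.admin"),
        }, authenticationType: "Bearer");

        var user = Apply(new ClaimsPrincipal(token));
        Console.WriteLine($"orders.read={user.IsInRole("orders.read")} orders.admin={user.IsInRole("orders.admin")}");
    }
}
```

In ASP.NET Core the same `Apply` call can be made from an `IClaimsTransformation.TransformAsync` implementation so it runs on every authenticated request.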