• FormsAuth -> Identity *Session -> Claims -> Parallelism/Cluster Auth code -> Provider (existing?) -> Unit tests Automatic login -> Review -> Comment -> Parameter security? ASP.NET Core -> Platform agnostic User instantiation in private field -> Overhead -> Unit testing Ui manipulation in code behind Remove commented code -> Source control -> CI Builds? Type checking -> Interface / Concrete = Verbose Messages to view -> Verbosity -> Control -> No deploy Clear session etc. By default. Check early by default

ViewState Off (Enable when required) Table -> CSS Fully localized All CSS to static files -> CDN All English Ids (no Finnish)

Other Centralize Login AD -> B2C/B2B?