Notes on auth, hierarchical authorization, EF Core, and practical .NET application security.
Hosted auth pages are a great default until product teams need app-native authorize screens, experiments, and app-owned signup fields. Headless mode in SqlOS keeps the auth server in SqlOS while your app owns the UI.
If you want an MCP server to work with Emcy and other modern OAuth clients, your authorization server needs more than a token endpoint. Here is the practical checklist and how SqlOS maps to it today.
How to implement database-level row-level security in .NET using SQL Server TVFs composed into EF Core LINQ queries — no post-load filtering, no external service calls.
Learn how hierarchical role-based access control works and why it's essential for modern multi-tenant applications.