With the advent of ASP.NET v5 we’ve taken the opportunity to throw away the old, bad things and drag code kicking and screaming into 2015.
We killed [Authorize(Users=)] and replaced it with something more flexible and more configurable.
We switched to claims everything.
We finally got rid of machine key as well, and have replaced it with something that rotates keys, syncs cross instances of Azure websites and could even use an NTFS share or a database as a key store.
By the end of this session you should be prepared to bring in the new and improved bits to help you security your apps in a more flexible and testable way.