Implementing JWT Authentication in ASP.NET Core

Подписаться 311 тыс.

Просмотров 6 тыс.

50% 1

Download the code: mailchi.mp/dom...
Check out my courses: dometrain.com
Subscribe to my weekly newsletter: nickchapsas.com
Become a Patreon and get special perks: / nickchapsas
Hello, everybody. I'm Nick, and in this video, I will show you how you can add production-ready authentication and authorization in .NET and ASP.NET Core with JWT tokens using a real identity service.
This video is sponsored by AWS. To get $50 free AWS credit, check out this link: aws.amazon.com...
Workshops: bit.ly/nickwor...
Don't forget to comment, like and subscribe :)
Social Media:
Follow me on GitHub: github.com/Elf...
Follow me on Twitter: / nickchapsas
Connect on LinkedIn: / nick-chapsas
Keep coding merch: keepcoding.shop
#csharp #dotnet

Опубликовано:

21 окт 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 44

@tomtoups Час назад

Changing the first letter "e" is not a good test for if the JWT is working, because the "e" is the base64 character for the open brace "{" for the JSON. That's why all JWTs start with an "e". It could be failing because it's not a valid JSON fragment

@frossen123 Час назад

2:30 "It's a piece of string!"😄love it

@mynameisshadywhat 4 часа назад

The first time in a long time I needed a refresher on this and this is the first recommended video, posted only 17 minutes ago. What sorcery is this, Nick?

@nickchapsas 4 часа назад

I’m behind you

@willbo_ 3 часа назад

(⊙ˍ⊙)

@aracon9721 Час назад

it's called youtube algorythem *smirk*

@SunriseTequila523 53 минуты назад

@@nickchapsasDo you have a course on sql for ef core developers?

@local9 4 часа назад

This couldn't of come at a better time.

@andersborum9267 2 часа назад

It's good starting video on using an external Idp, but don't forget that what's shown here is the bare minimum. Also, notice that Nick is using a stand-alone UI (i.e. Postman or similar) to exchange the returned auth code for a set of tokens that's stored locally (Redis is a great option for these types of short lived data); you'll need to build the exchange mechanism yourself, which is a fun little task. A word of caution: security is not something you should take lightly, especially in an public facing environment and you should never attemt to implement encryption algorithms, unless you're one of the very few experts in the industry, that works professionally on this topic.

@aracon9721 Час назад

so pro-apprentices like me probably still better use Auth0?

@DasBloch 4 часа назад

It would be awesome if you could show how to support multiple authentication methods. Like an API key together with jwt tokens. How do we correctly authorize endpoints and setup the auth ?

@margosdesarian 2 часа назад

Hey Nick, can you make a video about which is the nicest butter?

@petewarner1077 2 часа назад

Let's demand a #buttercop series in which Nick takes a look at terrible butter advice posted on LinkedIn and signs off with "But now I want to know about you.... which butter do YOU think is the nicest butter? Are you using butter in your applications? Or a healthy low-fat substitute?"

@MarvinKleinMusic 43 минуты назад

It would be pretty intersting how you can secure a Blazor app with JWT.

@JacobGlanz1234 Час назад

You’re not explaining what anything means, you’re effectively showing how to copy paste your code

@nickchapsas 57 минут назад

There are 500000 videos explaining JWT including mine. Watch those. I just wanna show the implementation

@Arshaad786000 Час назад

cool. could you show us how this would work with the microsoft identity tables in SQL

@vintage8 3 часа назад

Thanks, couple questions tho: How should I sync the users to my db with external id providers? Should I store roles, permission in my db or in the external provider? and also shouldnt client secret be secret? I shouldnt use it in a spa, right?

@kidsam27 3 часа назад

Have you ever considered or compared this to something opensource and self hosted like key cloak? I've used it in a couple of project and i has pretty much all you've showcased but it's bit more quirky.

@paulguk 2 часа назад

I much prefer jwt.ms over Auth0's decoder. Much simpler page and also decodes the iat and exp values etc.

@CharlesBurnsPrime Час назад

".NET does not have native JWT integration, so you have to install a Nuget package..." is said like it is a negative thing, but it is a positive one. Why would the core library have support for a specific auth mechanism, of the hundreds that have come and gone?

@nickchapsas 56 минут назад

It’s not said as a negative thing. It’s said as an observation

@Assgier 55 минут назад

Also the package is still from Microsoft themselves, thus you don't have to rely on some 3rd party library.

@richardrawson381 13 минут назад

var key="sdfafas"u8; just to learn this notation was worth watching the video 🙂

@SuperLabeled 2 часа назад

"Trust me" Famous last words :) But in all seriousness, could you use something like this to authenticate your application? Basically making it not possible for anyone outside of your hosted domain to request data from the API?

@DisturbedNeo Час назад

CORS is better suited for that. You can set it up a policy on your server to say “If a request comes from anywhere other than a specific URL, reject it”, and then give it the URL of your client application so that only requests from your client application are let through.

@the_arch 3 часа назад

Any chance of making a video for integration with MS Entra SSO?

@alanis4AL 4 часа назад

When i see you doing it seems graspable Why everyone else claims that authentication and authorization are the holy grail of programming? Concepts so difficult to grasp that you need a doctorate degree!?

@cocoscacao6102 2 часа назад

It's poorly documented in certain areas, and I've found most of the answers digging through stack overflow. Concepts aren't that difficult, but implementation in .NET can be a she-dog...

@diadetediotedio6918 58 минут назад

I never saw anybody saying it is "the holy grail of programming", but it is a difficult problem, yeah.

@Octopie18 Час назад

The modern way to create JWTs is using the new `JsonWebTokenHandler` class, not the older & slower `JwtSecurityTokenHandler` class.

@nickchapsas 53 минуты назад

You are right. I used my old codebase for this video instead of the new one that used the WebToken one 🤦

@phillipkatete634 4 часа назад

Is there a way to add users to the cognito service (rather than users having to enrol)?

@yaroslavsolodyankin928 3 часа назад

Does .dometrain have any support? What is the problem with the video player?

@rennasccenth 2 часа назад

Ok, this bg3 reference got u one more like. Are you happy now???

@nickchapsas 56 минут назад

What an absolute banger of a game

@I-PixALbI4-I 4 часа назад

What do you mean "Production Ready"? I already implemented JWT to PROD using knowledge from your previous video about JWT! o_0

@panbotuk 4 часа назад

Title for more views. JWT is so overused that I wouldn't even get involved without it xD

@nickchapsas 4 часа назад

Maybe production ready isn't a good term for this. I wanted to say that we're integrating an independent identity service which is what most modern production apps are using. Maybe "Modern" is better