ASP.NET Core 3 - Authentication - Ep.3 Authorization (UPDATED: READ DESCRIPTION) 

Raw Coding

NOTICE - UPDATED PLAYLIST
• ASP.NET Core Authentic...

In this episode we dissect the mechanism behind Authorization - Policies. We explore the 3 main moving parts of Policies exposed to you:
- AuthorizationPolicy (Created by using an AuthorizationPolicyBuilder)
- IAuthorizationRequirement (This is your request for a specific type of authorization)
- AuthorizationHandler (This is the function which knows how to process the requirement)
Roles are just claims. Rant over. Why have them? The concept of a role is more familiar to a human than a claim. For example, which is easier to understand: "What is your Role?" or "What do you claim to be?"
Source: github.com/T0s...

Published: 21 Aug 2024

Comments: 150
@sh00termacg 4 years ago
Brilliant, you're a very very clever guy. You know this stuff at a fundamental level and your delivery is top notch!
@RawCoding 4 years ago
Thank you:)
@drspyqwerty 4 years ago
THE BEST series. So much Info. I have watched it twice to get all the little details. Stick with it, absolutely worth it.
@RawCoding 4 years ago
Thank you :)
@mahmutyldz371 4 years ago
You are the best lecturer in the world ;)
@RawCoding 4 years ago
Eyyy thanks!
@KhanhNguyen-pq6kn 4 years ago
Subscribed after 2 videos... the concept explaining was great, not as much as blindly practice out there... I'm looking for further of you. Once again... thanks mate!!
@RawCoding 4 years ago
Thank you, glad you liked it!
@tyge7927 4 years ago
Just wanna say even in August 2020, you're saving someone's ass (mine). Thank you very much and hope you're doing fine.
@RawCoding 4 years ago
It’s not even been a year :D
@gonaz 3 years ago
@RawCoding you don't even know how many people you're helping, nobody does videos about this, Devs sometimes assume that everyone knows these topics
@FernandoJavierSosa 3 years ago
I never saw an explanation of Claims, Policies and Authorization as clear as this video.
@RawCoding 3 years ago
Cheers
@wolfvandenzegel6534 2 years ago
This series has helped me leaps and bounds in understanding this otherwise very poorly documented featureset, thank you very much!
@ShivamSingh-wy8om 4 years ago
Thanks for sharing this, this is the best tutorial explaining Identity on the internet I have come across so far.
@RawCoding 4 years ago
Thank you:)
@abcdeika 4 years ago
@RawCoding that IS true. I've been pointlessly searching for guides, tutorials, videos and all of them are either useless aka (DOTHING METHOD) or out-of-date. Thank you. THANK YOU! Gonna watch all of the videos on the channel.
@naveedkhanhome 2 years ago
Nice and very concise and clear. Thanks
@RawCoding 2 years ago
Cheers
@Ringringringa 1 year ago
I have gone through most of the authentication and authorization stuff, it's really good. Just one suggestion: if possible, put advertisements at the start, as it breaks the rhythm if they come while learning. Thanks for sharing great stuff in the simplest possible way.
@shilpamore4866 4 years ago
Complex concept explained so easily. Appreciate your effort.
@RawCoding 4 years ago
Thank you:)
@mateuszlesko5301 3 years ago
Keep going with uploading of solid quality materials!!
@RawCoding 3 years ago
Cheers
@relativenormality 4 years ago
Another excellent video. I like the style - show the default and deconstruct it so you can understand what is going on - this gives you confidence. Been studying up on Identity during lockdown and this cuts through everything else I have looked at so far.
@RawCoding 4 years ago
Thank you for watching :)
@farisfajar6982 3 years ago
Dear Raw Coding, Thanks for the series. This comment may be small but your video tells bigger than that.
@RawCoding 3 years ago
Cheers :D
@kamuykaz01 3 years ago
Super video! I am using your stuff to understand and implement identity to my project.
@RawCoding 3 years ago
Awesome, hope it works out!
@anurag3487 3 years ago
Amazing. You know this stuff on a very granular level. I learnt a lot. Thanks
@RawCoding 3 years ago
Thank you for watching
@navarromal 3 years ago
Simply the best, man! You are very clear and concise... clever!
@RawCoding 3 years ago
Thank you:)
@benedictpardo6366 4 years ago
Interesting! Now its Role-based vs Policy-based authorization were explained! Okay, this is epic!
@RawCoding 4 years ago
Glad you're enjoying these
@jamesallen74 4 years ago
VERY nice video. Very nice refresher on how to do configuration also.
@RawCoding 4 years ago
Cheers
@jamesallen74 4 years ago
@RawCoding LOL I posted this comment on the wrong clip. I meant to do this for the last video on the email verification.
@rolanddensonjr2464 4 years ago
You have definitely gained a subscriber. Very nice video. Keep up the good content.
@RawCoding 4 years ago
Cheers )
@pradeeppradyumna601 3 years ago
Great tutorial bud! Appreciate all the efforts
@RawCoding 3 years ago
Thank you for watching
@azizbekibnhamid642 1 year ago
Amazing course!
@satyamprakash6917 4 years ago
Thanks for the video, you solved my problems in a few minutes. Best lecture on .net core and authorization on youtube.
@RawCoding 4 years ago
Thank you for watching))
@user-so5by6zb8e 1 year ago
Great job❤
@RawCoding 1 year ago
Don’t forget to check out the new videos!
@WikkiOnIlluminati 3 years ago
@5:34 as Anton suggested to understand and learn claims and policies. I found these two articles having concept explained very well. At least for me
Declarative Claims-Based Authentication in ASP.NET Core 3.0 visualstudiomagazine.com/articles/2019/10/29/aspnet-authentication.aspx
Working with Claims to Authorize Users in ASP.NET Core and Blazor visualstudiomagazine.com/articles/2019/11/06/working-with-claims.aspx
@RawCoding 3 years ago
Thank you for sharing
@MrShakir820 3 years ago
Brilliant brother!
@RawCoding 3 years ago
Yes bro!
@bertolimauro 4 years ago
Congrats! Really well done videos! I think you are one of the best lectures on RU-vid! It's not easy to explain these concepts deeply as you are doing. Just out of curiosity... what's your background in asp.net core?
@RawCoding 4 years ago
Thank you, glad you enjoyed these! I've been doing dotnet professionally for about 3-4 years now. Wide variety of applications.
@mfundofalteni2620 4 years ago
Thank you for these wonderful videos. I am learning a lot.
@RawCoding 4 years ago
Cheers
@FernandoJavierSosa 3 years ago
Thank you, thank you!
@RawCoding 3 years ago
Thank you for watching
@fabienmolinet8491 4 years ago
Your videos are excellent, keep up the good work!
@RawCoding 4 years ago
Thank you :)
@ilovepandaypoe6056 4 years ago
The best tutorial! Thanks much
@RawCoding 4 years ago
Glad you're enjoying these!
@vahidjafari1369 4 years ago
Thank you, it was amazing!!!
@RawCoding 4 years ago
Thank you
@chenshang920 4 years ago
Thanks for the video.
@RawCoding 4 years ago
Thank you for watching!
@jamesbest2221 4 years ago
Awesome! Thank you!
@RawCoding 4 years ago
No thank you!
@MedBouchenafa 4 years ago
Again, a great tutorial. Thanks a lot. You have a new subscriber!!!
@RawCoding 4 years ago
Thanks :D
@sarvarthmonga5764 3 years ago
Mind Blowing, Awesome work. I have a request: can you also share/create a video in which you are explaining DependencyInjection lifetimes? Thanks
@RawCoding 3 years ago
I’ve made a video about that, I also have a video about how it works ;)
@sarvarthmonga5764 3 years ago
@RawCoding I saw that, but I wanted to like have an idea, when to use which lifetime. If you can provide some resource that will be awesome too
@RawCoding 3 years ago
ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-01C8selSVCY.html Have you watched this?
@sarvarthmonga5764 3 years ago
@RawCoding Bro you are awesome
@sarvarthmonga5764 3 years ago
@RawCoding Thanks so much
@hassysid9338 2 years ago
Thanks dude... awesometacular... by the way which keyboard do you use... liked the clicks 😀
@Patrick-il3uy 4 years ago
Great tutorials. Thank you for that. You very often scroll or jump too fast. I always have to pause the video or go back. Would be way better if you add some little breaks (just 2-3 seconds).
@RawCoding 4 years ago
Thank you very much for your feedback
@LaurenceNairne 3 years ago
Personally I think a lack of breaks is fine. The fact that you can pause to catch up and/or change the playback speed means that everybody can do it at their own pace. There's also the source if you need to see something that you missed because the author doesn't spend long enough looking at particular lines. My time to spend with videos is precious, if this one wasn't so concise and to the point, I'd have given up on it (like I have with many others).
@RawCoding 3 years ago
Thank you )
@naveensellappan4016 3 years ago
Hi, thank you so much for the lecture man, I have a doubt, the AuthorizationPolicyBuilderExtensions class you defined does not inherit an Interface or an abstract class, so how does the policy builder use the RequireCustomClaim method in the AuthorizationPolicyBuilderExtensions?
@RawCoding 3 years ago
It's a basic C# extension method, it doesn't need to inherit from an interface or an abstract class. docs.microsoft.com/en-us/dotnet/csharp/programming-guide/classes-and-structs/extension-methods
@naveensellappan4016 3 years ago
@RawCoding Thanks man
@stevemcqueen2887 3 years ago
I was with you until 16min in when you just if you want to make it an extension method then you can do this... 1) what's an extension method? 2) why would I want to? 3) will it work without it?
@stevemcqueen2887 3 years ago
Extension method: They allow you to add new methods to an existing class. This means we don't need to modify the original class to add these new methods. So you can have an existing library written by someone else and add your own custom code to it without modifying the library itself. It must be static.
@RawCoding 3 years ago
nice one
@gevanjayasinghe2693 4 years ago
Superb
@RawCoding 4 years ago
Cheers!
@cyjbox 4 years ago
Thank you, good tutorials.
@RawCoding 4 years ago
Thank you for watching :)
@blackwhiteyang9533 4 years ago
Thanks
@RawCoding 4 years ago
Thank you for watching :)
@KunalMukherjee3701 3 years ago
Hey Anton! Want to see a video on pagination with dapper
@RawCoding 3 years ago
Noted
@serb1146 4 years ago
Excellent lessons, thank you.
@RawCoding 4 years ago
Thank you
@developerRG 9 months ago
Thank you for your greatest videos on YouTube 🎉, but I have a question please: how do you understand this topic to make it very easy to explain, like a piece of cake 😊?
@k3vinshum 3 years ago
Great video. Great series. One thing though about the roles. When you specify role in the attribute tag you can put that on a selection of methods and not all. The claims example you show of requiring the claim role would enforce on all methods with the authorized tag, would it not?
@RawCoding 3 years ago
The claims example works with policies
@k3vinshum 3 years ago
@RawCoding But the policy is applied globally in the middleware setup, is it not? Clearly I am missing something - could you please explain how to apply a different policy per endpoint?
@k3vinshum 3 years ago
@RawCoding Think I got it now. You can AddPolicy and choose which one to use. You can also set the DefaultPolicy which is where I got confused. Awesome thanks
@RawCoding 3 years ago
You build the policy in the ConfigureServices, and then you use it across your application when you need to
@swanandpangam 3 years ago
I don't see any ctor for AuthorizationPolicyBuilder taking zero params in .NET 5.0. I was trying to see if I can overwrite the default policy with a new policy which doesn't call the RequireAuthenticatedUser() method and to see what happens. Thanks
@RawCoding 3 years ago
Looks like it, you'll need to specify the schema as well
@manisharma3068 3 years ago
Noob question.. sorry.. How does injecting some services (like the Datacontext) into the authorizationHandler affect the decision of whether or not making it a scoped handler or a singleton?
@RawCoding 3 years ago
You should have it scoped if you are injecting. If you are making it a singleton you should resolve the DbContext through the IServiceProvider interface
@manisharma3068 3 years ago
Ok, Thanks so much!
@rahimliparviz 3 years ago
Hello, I just cannot understand why we should register this middleware "app.UseAuthorization()" on Startup class. On my demo project I use Authorise filter without this middleware and with JWT authentication and everything works fine. So for what cases or for what reason do we have to use this middleware? If you have time please reply to me, thanks in advance.
@RawCoding 3 years ago
> UseAuthorisation look at HttpContext for a cookie / access_token in the header or query or anywhere in the request. > UseAuthorization look at the ClaimsPrincipal that has been added to the HttpContext and verify it's allowed based on the controller. It takes care of invoking the correct authorization handler for your [Authorize] attribute and checks the ClaimsPrincipal. Hope this helps.
@ManavDIY 4 years ago
Does this Authentication and Authorization work on .NET Core Web API? I'm planning to build Web API and leverage Vue.Js for the client-side. By the way, thanks for the great video. Well Explained!
@RawCoding 4 years ago
Yes it will.
@phuocnguyen2201 3 years ago
I wouldn't fail the interview, if I found your video sooner. That sucks 😕.
@RawCoding 3 years ago
Better luck next time!
@cyjbox 4 years ago
The action's authorization and the authorize policy are written in code, can they be configured on runtime? Hope you understand my horrible English.
@RawCoding 4 years ago
Yes they can be, however I’m not explaining the solution because it’s quite a hard one
@ranadebpramanick469 3 years ago
Hi, in your video when we get an access denied because of the absence of a claim, why does your browser show 404 status code? Shouldn't it be 403 unauthorized request?
@RawCoding 3 years ago
404 because the Access Denied page is not found.
@yamildiaz9393 4 years ago
If we use AD from Microsoft server, how can we give claims and policies to each user in our sql database?
@RawCoding 4 years ago
You have to pass the Windows authentication token. Once you do that you can inspect the IdentityPrinciple and the Claims that it has. The AD groups that the user is in should show up there.
@cybernet8656 4 years ago
How do you pass a windows authentication token? Maybe have a tutorial on this!
@RawCoding 4 years ago
@cybernet8656 I don't have a professional environment set up to demonstrate it to the level I'd like to. You can see the basics here: docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.1&tabs=visual-studio It's pretty straightforward
@theguruman99 4 years ago
Hi - and thanks for a great tutorial. I've followed all the preceding tutorials and they are all great. I am looking into what you said about "Roles" - that you presume this is legacy code. I've been looking for more info on this on the internet but there is virtually nothing to back this up. "Roles" still feature very prominently in Authorization documentation and tutorials. Can you please point me in the right direction where it states categorically that Roles should no longer be used for Authorization. Many thanks in advance.
@RawCoding 4 years ago
Well, that’s not correct, roles are just a way to represent a real world model
@picflight 4 years ago
Raw Coding, is using the Claims rather than Roles the preferred way? I too am wondering if Roles are legacy.
@RawCoding 4 years ago
@picflight if you have the concept of Roles in your domain, use Roles.
@picflight 4 years ago
Raw Coding, thanks.
@kamarchand 4 years ago
Can you add to your list the Windows authentication for people who design for an intranet website? Regards
@RawCoding 4 years ago
I will see what I can do, because there are a couple of problems that arise with this. 1st is you lose the cross-platform feature, 2nd is I don't have the infrastructure at home (win10 professional or Active Directory)
@kamarchand 4 years ago
@RawCoding I understand. Great video, I'm really enjoying them. Keep up the good work.
@ripper9112 4 years ago
What is Trifecta ur talking about? I googled trifecta programming and trifecta ASP and there's no explanation.
@RawCoding 4 years ago
Can you give me a timestamp in the video where I say it? It's not a design pattern or anything like that, it only has meaning in the context that I say it in, probably just highlighting a trio of something, like three things that work together.
@ripper9112 4 years ago
@RawCoding If it's not a design pattern or any concept, and u just meant 3 things that's enough for me, Thanks. If I remember correctly it was in Configuration in startup class. There's a lot of people watching whose English is not native language like me, using as simple language as possible is very important for clarity especially for beginners. Not that you use overly technical language, but it's good to be aware of that for u as content creator of this type.
@RawCoding 4 years ago
@ripper9112 sorry about the confusion, thank you for taking the time to point this out.
@nareshnarasimhalu 4 years ago
11:49, in CustomRequireClaim.cs file, I put foreach instead of => var hasClaim = context.User.Claims.Any(x => x.Type == requirement.ClaimType); i.e. line number 23. as foreach(var value in context.User.Claims) { if(value.Type == requirement.ClaimType) { hasClaim = true; } else { hasClaim = false; } } but when I viewed value.Type I am getting => nameidentifier and requirement.ClaimType => dateofbirth why is it so? Because of which I am getting AccessDenied
@RawCoding 4 years ago
Once you find the true condition you need to break the loop otherwise you override it.
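
The overwrite discussed in this exchange, as an added example that is not part of either comment or of the video's source. ClaimCheckDemo, LastClaimWins and AnyClaimMatches are hypothetical names and the identity is constructed for illustration. Because the loop's result is decided by the last claim alone, it can only turn a real match into a miss, so this bug fails closed (Access Denied) and never grants access.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class ClaimCheckDemo
{
    // The loop as posted in the comment: every iteration overwrites the result,
    // so only the last claim in the collection decides the outcome.
    public static bool LastClaimWins(ClaimsPrincipal user, string claimType)
    {
        var hasClaim = false;
        foreach (var value in user.Claims)
        {
            if (value.Type == claimType) { hasClaim = true; }
            else { hasClaim = false; }
        }
        return hasClaim;
    }

    // Corrected loop: stop at the first match, the same result as Claims.Any(...).
    public static bool AnyClaimMatches(ClaimsPrincipal user, string claimType)
    {
        foreach (var value in user.Claims)
        {
            if (value.Type == claimType) { return true; }
        }
        return false;
    }

    public static void Main()
    {
        // Constructed identity: the wanted claim is present but is not the last one,
        // matching the comment where value.Type ends on nameidentifier.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.DateOfBirth, "1990-01-01"),
            new Claim(ClaimTypes.NameIdentifier, "constructed-user-id"),
        }, "ExampleScheme");
        var user = new ClaimsPrincipal(identity);

        Console.WriteLine(LastClaimWins(user, ClaimTypes.DateOfBirth));
        Console.WriteLine(AnyClaimMatches(user, ClaimTypes.DateOfBirth));
        Console.WriteLine(user.Claims.Any(c => c.Type == ClaimTypes.DateOfBirth));
    }
}
```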
@raghurambhagawatula7025 3 years ago
Hi, can someone point to me if there is a tutorial on setting up MFA using Email in this series?
@RawCoding 3 years ago
No MFA here
@santukumar-om3by 4 years ago
Please make a video on store encrypted password in database with hash + salt.
@RawCoding 4 years ago
It's done automatically by Identity. Do not roll your own. I will not be making a video on this.
@santukumar-om3by 4 years ago
Is it possible to give any resources or video for encrypted password by identity?
@RawCoding 4 years ago
@santukumar-om3by I show you how to do it in episode 2... The password hash is created when you create a user with the password. UserManager handles that, SignInManager also creates the hash to check if the entered password is correct. The hash is not reversible.
@vandeljasonstrypper6734 2 years ago
Can policy be dynamic?
@dexterman6361 4 years ago
Holy shit, this makes so much sense!. How does someone learn this, and understand something so well? Kudos to you for understanding it, and explaining it/articulating it well, and for free, on RU-vid. Damn. Mind Blown! Thank you very much for this series! P.S. Is there anywhere I can ask you a few questions on the developer journey? My email is alien243600@gmail.com Having recently graduated, I somehow feel I'm behind the industry expectations.
@RawCoding 4 years ago
cheers, join the discord channel