@durimmiziraj4815 if you check the description, I have put a link to the GitHub Repository for the final integration of the 3 parts. github://mobiletonster.com/Authn
Crisp and clear descriptions of how to do custom auth. Most articles will just thrust entity framework with identity schemes in your face, but this really shows the basic fundamentals and how to do them from the ground up. Fantastic tutorial.
Thank you for your kind words. This has been a lot of work to put together and I hope it will help someone. I know it is a complex topic because I had to fight through it myself and I promised that if I ever figured it out I would try to give back to the community who helped me. I just posted Part 2 in the series, so enjoy.
That was a really good Tutorial. I really like how you explain things (even trying and doing it wrong to know what went wrong). Thanks a lot, waiting for more about this topic.
You are a good teacher! In fact, I don’t know much about ASP.NET, but when I finished watching this video, I knew the difference between authentication and authorization, and understood how they work in ASP.NET!
Tony, I am 45 minutes into your first video. Everything works. I am so grateful for your thorough explanations about this complex topic. I have worked with JWTs and now I decided I want to use cookies. I just want control and don't want to use MSFT Identity so understanding this completely is very important to me. You are the best resource I have found so far. Thank you!
I watched over 20 videos regarding authorization/authentication and didn't get clarity from even one. After seeing your video, I got clarity on what this concept is about. Thank you so much.
Indeed. While the Identity Package can be useful, over the years I have found that I prefer to either use an Identity Provider (Google, Microsoft, Facebook, Twitter, etc.) or if I must have my own identity system, to use my own so I can easily modify the claims/properties that I want to capture for my users.
Hi Tony. Congratulations on your job. I am quite sure this is the best I've ever seen about this subject. Looks like you have a natural gift for being a teacher.
Amazing explanation, pace was spot on, it made perfect sense. I also feel like having watched it I can jump in where I need to as a refresh as I now build it. Thank you 😀
Thanks for this great sharing of knowledge and process. So often with frameworks it seems the only way to learn is to blindly follow convention, but you show us how to play around with this beast and gain a deeper understanding of what we're actually doing.
I'm only about 1/2 of the way through your video and this is great stuff!! You hit the nail on the head for what I was looking for in a tutorial. I plan on watching your other videos as well. Thank you very, VERY much!!! Well done!!!
Very good tutorial for me... Everything I saw so far was using the Entity Framework so it gives me an inspiration to do it without EF... Now I need to understand more how to do the same with OAuth and OpenID Connect for both a UI and API... Will go watch your other videos... Thanks man again for the video. Well done!
Thank you for this wonderful job of teaching us how authentication works in ASP.NET. I never found resources like this on this specific aspect of ASP.NET Core. Please keep going!
I'm glad you found it helpful. I just remember struggling through things like Authentication and wished there was a way to break it down into simpler concepts, so when I finally figured out some things, I decided to share it with others. It was hard work to put it together (and scary to be on camera to be honest) but now that I see how many people have benefited from it, it makes it worthwhile.
@mobiletonster don't worry about the camera, you did really well! I like the way you explained literally step by step! If you consider making a full Udemy course I'd buy it without hesitation! I really wanted to know how you can make a full login with registration, forgot and reset password, role based, and even third-party login like Facebook or Gmail etc! And what I still haven't found is how you can deploy and publish Register and Login pages to an existing website with databases! All I can find is localhost! Aren't you doing private lessons?
Awesome explanation. One thing I have always had a hard time wrapping my head around is Authorization and Authentication. ps. Ogden is beautiful, had the pleasure of attending Weber State there!
Great! I'm glad it helped. There is also part 2 and 3 which dive into OpenId/OAuth implementation and connecting a database to house roles, etc. Enjoy!
Thanks for your comment. Can you tell me the resolution of the computer you are watching on so I can gauge how large to make the content? It is always tricky to balance as some people are on large 4K monitors and others are on smaller monitors. Hopefully no one is trying to watch code on a mobile device, like a phone. That would be very difficult.
@mobiletonster oh my bad. I was using mobile. Actually I came across your channel last night when I was searching filters in MVC. I would try your tutorials on my laptop screen. Have a great day Mr. Tony.
This is amazing stuff. I have never seen a video like this with so much detail, starting from scratch. Thank you. Could you please create content where we have different types of authentication? You covered cookies; apart from this, like JWT and a few others.
Wow! Great explanation, but you'd have explained how to do the assignment of the claims in another class, trying to do the separation of concerns, and using a database for the user and pass... even the roles.
Very nicely done Tony. That was just the intro into ASP.NET that I was looking for. Just a quick question; how would you implement a "Remember Me" option in the Login screen?
If the user selected the checkbox, I would store their username in a cookie. Then when they returned, I would check for the presence of that cookie and extract the information from it (using JavaScript) and inject it into the input field for username. I would still require the user to enter a password.
Thanks for the feedback. I would actually like to put together a series of videos from basic to advanced. Expert? I don't consider myself an expert, so not sure I can do that part.
Thank you, I plan to. I have been on a major project at work that has prevented me from getting my next planned video completed. Hopefully I will be able to get back to it soon.
I hope it was helpful. Be sure to watch parts 2 and 3 as well. There is some good information in those other 2 parts that you may find helpful as well.
Awesome tutorial! Curious, when you "hardcode" the Admin claim in the OnSigningIn event, is this an ok place to get that "admin" flag from a database? or could it get passed from my username/password lookup in the login action?
Yes. In parts 2 and 3 we build up to using a database to get that information and demonstrate using Identity-as-a-Service providers like Azure AD or Okta, etc.
Hi Tony, Excellent. Now cookie authentication is clear to me. You have great teaching and presentation skills. I have a question for you. Like cookie authentication, do we have session based authentication in core? I have seen various examples of storing the data in session and retrieving it back, but nowhere found it used for authentication and authorisation purposes. Does it exist or is it just used to store the data for state management?
Are you referring to session on the server or in the browser? You can store session in either place, but in today’s cloud world with dynamic scaling, server side session storage isn’t as flexible as it forces a user to always be connected to a specific server or you must synchronize session across multiple servers. Cookie based authentication scales much better as it isn’t tied to a specific server instance. As for storing something like a token in browser session storage, this is a common pattern; however, it requires more work from the developer to always include the token in the header of each request to the server, whereas the cookie rides for free on each request (on fetch requests make sure to use the “includecredentials” option for cookies).
@mobiletonster Thanks for your reply. I was talking about server side session. Ultimately session uses a cookie to store data in the browser, but it is safe when using in-memory session. Other than cookie authentication, what other options do we have for authentication in MVC? Because for safety purposes, cookie based authentication is assumed to be a bad choice.
Cookies, when used correctly, are a safe option. The key is to 1. use https, 2. make sure the cookie is bound to a specific domain, 3. set it to httponly so it can't be read on the client side in javascript, 4. control the security level to be strict or same site, not lax. Using these and other techniques such as CSRF tokens to prevent cross site scripting attacks will further improve the security of your site while using cookies. Alternatives to using cookies include using JWT tokens added to the Authorization header, but they are really not any safer than a cookie. Like a cookie, the JWT token is passed in the header, but the JWT token is usually readable by the client side, whereas a cookie can be encrypted so that it is not readable by the client side or browser (httponly). If you need to store JWT tokens in the browser, don't store them in localstorage (which is a common practice, but not a good idea). Store tokens in sessionstorage or in memory (like in a react state object, or Angular state object) or .... in a cookie (lol).
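
The four cookie settings listed in the reply above, written out as an ASP.NET Core `Program.cs`. This is an added example, not code from the video, the linked repository or anyone in the thread; the cookie name `__Host-auth`, the `/login` path and the 30-minute lifetime are assumptions.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews();

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        // 1. HTTPS only: the cookie is always issued with the Secure attribute.
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;

        // 2. Bound to one host: Cookie.Domain is left unset, so the browser
        //    returns the cookie only to the exact host that issued it. The
        //    "__Host-" name prefix makes the browser reject the cookie unless
        //    it is Secure, has Path=/ and carries no Domain attribute.
        options.Cookie.Name = "__Host-auth";   // assumed name
        options.Cookie.Path = "/";

        // 3. Not readable from client-side script.
        options.Cookie.HttpOnly = true;

        // 4. Not sent on cross-site requests.
        options.Cookie.SameSite = SameSiteMode.Strict;

        // Bound the lifetime of a stolen cookie (assumed values).
        options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
        options.SlidingExpiration = true;
        options.LoginPath = "/login";          // assumed path
    });

// Antiforgery (CSRF) token cookie gets the same transport restrictions.
builder.Services.AddAntiforgery(o =>
{
    o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    o.Cookie.SameSite = SameSiteMode.Strict;
    o.Cookie.HttpOnly = true;
});

var app = builder.Build();
if (!app.Environment.IsDevelopment()) app.UseHsts();
app.UseHttpsRedirection();   // plain-HTTP requests are redirected to HTTPS
app.UseRouting();
app.UseAuthentication();     // must run before UseAuthorization
app.UseAuthorization();
app.MapDefaultControllerRoute();
app.Run();
```

ASP.NET Core's default for the authentication cookie is `SameSiteMode.Lax`; with `Strict`, the cookie is not sent on the first navigation that arrives from another site, which matters when an external identity provider redirects back to the application.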