ASP.NET Core Authorization (.NET 7 Minimal Apis C#) 

I keep coming back to these basic walk throughts of the complex topic of authentication / authorization as really they are the best way I found to get my head wrapped around this topic

I've said it once and I'll say it a a hundred times, Anton has the best flow in telling dev stories

To say that your videos are a godsend is an understatement. Thank you!

First of all, thanks for that content. It's pure gold. I was coding along the tutorial, and got the InvalidOperationException when trying to call the SignInAsync method inside the login route, and I had the exact same code as Anton. If anyone else is getting the error, to fix that you have to pass the scheme in the ClaimsIdentity constructor: var identity = new ClaimsIdentity(claims, AuthScheme);

Very impressive as always. Short, easy to understand, only the essence.

Great! Please more about customization policy and handlers etc.

Cool stuff! Thank you for your efforts man!!!

As a dane, I was worried we weren't included, thank you for including! 😁

Wow, so well done! Thanks for posting, man! Very helpful.

Great video, thanks for your explaination. It helps me understand a lot about asp.net core authentication because there isn't any document for detailed

Your channel is gold mine!!!, thanx alot for amazing explanation.

Thank you very much! Your content is really very helpful!

Another great video. Thank you, Anton!

Great video. At 15:47 the video of you covers the code. This is very informative though, thank you for making it.

Extremely good content. you're awesome!

Thanks a lot. Its a lot to digest, but its very well explained :)

Amazing Job

Thank youuu, U r simply the best. Helped me alot!!

Amazing as always! A lot of good info without bla bla bla.

Man you really live up to your channel's name - "Raw anaylysis of concepts"

Thank you for the great content. You are a GEM

Amazing Video!

Nice video!

Very impressive , Thank you!

You are simply amazing

We just don't deserve you! Thanks a lot!

Thank you 😍🤩

Very good!

thank you

Thank you!

Hi, Anton. Thank you for your super usefull content. What do you think? I have some remote repository (web api) that provide permissions of authenticated user. Getting this permissions must be done in AuthenticationHandler or in AuthorizationPolicy when deciding if user allowed to have access to endpoint?

If i authorize with the IISAuthorizationScheme against a local Ad on Windows, which claims will be filled in the user object? Can i influence the process of building the user object? Thank you so much.

tq

How would this work in a production setup? A database with hashed passwords for login and then another table for their claims?

Thanks for the video, can you make Auth with vue, logging in, out and registering and navigation to endpoints based on claims, =)

Great video as always. Nice and slow.

Lets say I have an ERP system and a user needs access to Contacts, Projects, inventory, Accounting, Leads, etc (each of those have read write update roles). This could lead to adding a lot of claims to the token. Is it ok to add many claims with their roles? Or would it be better to make another request to the Api to get the User's roles and permissions?

thanks

any of them even if they all are bit similar. But I can tell few tNice tutorialngs changed and also I forgot almost everytNice tutorialng so I guess Im gonna start

Do you have a double like option? =)

yes

I have bit unrelated and general question. What do you think about Authentication with JWT and Asp.Net Identity. Is this simple stack enough to create API that's consumed by SPAs. Or should I opt in for advanced stuff like Microsoft Identity

Привет. Серьезно про латвийский паспорт? А почему так? Я глянул и вроде он дает то же самое, что и другие паспорта EU. Нет?

That haircut made me watch the video

Thank you Anton for great videos👍

FYI: You should bring back your old haircut :)

anyone know how to fix it?

Man! You're very good. I'll send to you my brain memory address, can u transfer about 10% of your knowledge please 😁

Simplicity soft

I cannot believe now the man without long hair and the look as Jesus 😂

Hi man, i have a question suppose i have this authorization/authentication builder combos //AUTHENTICATION string adminScheme = "admin-cookie"; string moderatorScheme = "moderator-cookie"; string VIPuserScheme = "vip-user-cookie"; string userScheme = "user-cookie"; builder.Services.AddAuthentication() .AddCookie(adminScheme) .AddCookie(moderatorScheme) .AddCookie(VIPuserScheme) .AddCookie(userScheme); //AUTHORIZATION builder.Services.AddAuthorization(builder => { builder.AddPolicy("admin-policy", policy => policy .RequireAuthenticatedUser() .AddAuthenticationSchemes(adminScheme) .RequireClaim(ClaimTypes.Role, "admin")); builder.AddPolicy("staff-policy", policy => policy .RequireAuthenticatedUser() .AddAuthenticationSchemes(moderatorScheme, adminScheme) .RequireClaim(ClaimTypes.Role, "moderator","admin")); builder.AddPolicy("vip-user-policy", policy => policy .RequireAuthenticatedUser() .AddAuthenticationSchemes(VIPuserScheme, moderatorScheme, adminScheme) builder.AddPolicy("user-policy", policy => policy .RequireAuthenticatedUser() .AddAuthenticationSchemes(userScheme, moderatorScheme, adminScheme) ); }); the first policy is for admin only users endpoints the second is for staff only users which is mainly for moderators but ofc admins can also do their actions the third is for registered users ( which includes mods and admins ) now what if i wanted to have more of a dynamic policy with some actions that can be performed only by certain moderators + all the admins like maybe i want some moderators to be able to edit some posts but not be able to delete them while some other moderators can so it's a mix between Roles and Priviledges assuming i had a DB my User model would look something like this public class User{ //usual stuff, id,username etc public string Role {get; set;} public List Priviledges {get; set;} } i know i could add some extra data in the claims maybe the array of priviledges? but if i were to remove some priviledges to a user they would remain in the cookie so i wonder if there is a better way to approach this? is there a video on your channel that explains something like that ? and if not what would you think a good approach could be ?

Thank you!