Asp Net Core - Rest API Authorization with JWT (Roles Vs Claims Vs Policy) - Step by Step 

Mohamad Lawand

In this video we will go through AspNet Core Authorization (Roles, Claims and Policies): when you want to use each, and a better understanding of how they fit together.
Support me on Patreon to access the source code:
/ mohamadlawand
So what we will cover today:
00:20 Agenda
00:54 Authentication vs Authorisation
02:50 What is Authentication
03:42 What is Authorisation
05:44 Authorisation Type
06:13 Role Base
09:14 Claims Base
14:30 Policy
18:16 Ingredients
18:42 Code and Implementations
18:56 Setting up the project
20:42 Code: Setting up Roles
1:22:00 Code: Setting up Claims
DotNet SDK:
dotnet.microso...
Visual Studio Code:
code.visualstu...
Insomnia API
insomnia.rest/
Let us connect:
🌍 My website - mohamadlawand.com
📸 Instagram - / mohamadlawand087
🐦 Twitter - / moe23
♯ Github - github.com/moh...
🎫 LinkedIn - / mlawand
💥 LinkTree - linktr.ee/moha...
Gear I use (affiliate link): amzn.to/3EbT8Jw
Support my work:
/ mohamadlawand
www.buymeacoff...
Hire Me:
transactions.s...
WHO AM I:
I'm Mohamad, an Enterprise Architect working in Manchester, UK. I make videos about web, cloud, desktop and mobile development.
GET IN TOUCH:
If you’d like to talk, I’d love to hear from you. Tweeting @moe23 directly will be the quickest way to get a response, but if your question is very long, feel free to email me at hello@mohamadlawand.com.
#aspnetcore #authentication #authorizations #Roles

Published: 21 Aug 2024

Comments: 76
@marceloleoncaceres6826 5 months ago
I know this video is 2 years old, but it is OUTSTANDING, Thank you very much for this tutorial.
@MohamadLawand 5 months ago
Glad it was helpful!
@JulianRiverplate14 1 month ago
I was trying to implement the same functionality on my own, so I found your video to find and get a different approach, and I got very surprised about how clean and scalable your implementation was. Thanks for this useful resource Mohamad! I hope you can make new series about Dotnet!
@mbkfu1 2 months ago
Great tutorial! Finally, I was able to understand this topic. Thank you, Mohammed! ❤
@imranyaseen7880 11 months ago
Ma'Shaa'Allah. Keep up the good work.❤
@robydj5289 2 years ago
Great, right now I am struggling to learn this topic, your tutorial comes at the right time! Thank you!
@feelingeverfine 2 years ago
You’re the man Mohamad. Thanks for making these videos
@anazz2960 2 years ago
Mohamed you are such a hero, I'm a top fan of you and your work, keep it up man ❤
@a.r.kengilish4589 2 years ago
God's blessing will be upon you sir. Thank you so much.
@Varinator 2 years ago
Just found you on youtube as I'm building a boilerplate API for Xamarin/MAUI and refreshing my knowledge - great resources man.
@sibazazo9208 3 months ago
Great video. Thank you for the detailed explanation.
@talkathiriify 2 years ago
Thank you so much Mohamad for your time and effort, it is really appreciated. Wish you all the best.
@olufemioyedepo2791 2 years ago
Nice video Mohamad! Great work!
@fa35ife 2 years ago
Great Mohammed, thank u
@yosofjoo 1 year ago
Jazak Allah Khairan
@expertreviews1112 2 years ago
You don’t talk about authentication schemes and challenges… This is really critical aspect many people get confused with
@vaddiprudhvi9292 2 years ago
Thank you so much.. your videos are clear and understandable... this is the right place I have to learn more things...
@faicalammisaid3705 2 years ago
Thanks my brother, very well done, so organized and pro written program. Thank u soo much, this work inspired me! God bless u
@bankhoagiauten8762 1 year ago
thank you so much!
@anthonytan2282 2 years ago
keep it up ur the best😁
@bmassioui 1 year ago
Good explanation, thanks a lot 💪
@ivanzinov6875 1 year ago
Good explanation!!! You have a typo in your slides Authorisation => Authorization
@adebanjooluwasola4709 2 years ago
Great video Brother
@bruno8ribeiro 1 year ago
Awesome video.
@Tareknageh1999 1 year ago
May Allah reward you with goodness
@techramedia 2 years ago
Awesome tutorial man... had lots of problems implementing jwt but after watching this I was able to without struggling. Thanks a lot for this tutorial
@dkako1129 1 year ago
Very good tutorial, you explained it clearly! I would appreciate a deeper dive into policies if it's possible. Thanks in advance!
@user-vm3bn8gd5l 1 year ago
Brilliant!
@marimello9889 2 years ago
Very nice. Thank you very much for the videos :)
@Moath268 8 months ago
May Allah reward you with goodness, beautiful explanation
@mihailomarcetic2516 2 years ago
Great video !!!
@abdulmuminrashed3853 7 months ago
Great job bro, keep it up. I was wondering if you could share the source code with us.
@ucthinh4455 2 years ago
thanks very much
@talkathiriify 2 years ago
Yes, could you please make more policies like the one in the slides at the beginning of this EP? For example, there is a product and you assign permissions like view, edit, create, delete (the normal CRUD) and assign these permissions to the role. That will be highly appreciated. Thank you very much.
@user-vx7xg1ej7m 1 year ago
Thank you so much
@nothingisreal6345 1 year ago
Right: grants access to a feature, e.g. edit invoice. Role: defined group of rights; a user can be assigned to 0..N roles. Rights resolve from role membership, e.g. roles are Administrator, Normal User, Backup Operator. Note: very similar to user groups; roles are typically manually assigned by an Administrator. Claims: defined properties like First Name, Department, Country; rights are derived by user depending on values of claim, e.g. users with cost center = 4711 are allowed to accept bills for that cost center. If the user's claim changes, the access rights change automatically. If you do a step-by-step video you can't leave out the step of adding authorization. There are also several errors in logging.
@mohammadakbari1944 2 years ago
very good
@guedriabdelkalek3946 2 years ago
thanks that was helpful
@zhamed9587 2 years ago
Thank you so much, great content! One question: can one use the same approach (e.g. `[Authorize]` attribute) on GRPC endpoints instead of REST endpoints?
@itwind9912 2 years ago
Sir please make video on claims in detail and also add functionality of add rang claims
@AlThePal78 2 years ago
The claims sounds like models I am confused with that but I am at 11:49 I will keep watching this video lol
@Varinator 2 years ago
One thing - in GenerateJwtToken you already have logic for RefreshTokens which come in Episode 4 of your tutorial? This may confuse some ppl as in Episode 2 it returns string, and here it's Task and the method is async. Because the method is not async in Episode 2, my IDE returned error when I wanted to await GetAllValidClaims, as the parent method is not yet async as per episode 2.
@MortyMortyMorty 1 year ago
Please can you provide us the source code?
@sergioontiveros4209 3 months ago
Hi there, thanks for the video, it was an amazing explanation, but it seems the project is no longer in your repo. Where can I find it?
@sahild6584 2 years ago
@Mohamad Lawand: Awesome. Can we have more in-depth on policies, also can the identity manager be provisioned using SCIM?
@Gilgameshx 1 year ago
Hi moha, nice work and greatly explained as usual, yet I have a question: how could we make a dynamic policy? I meant if the app super admin needs to create dynamic policies. Thanks man
@olufemioyedepo2791 2 years ago
Hi Mohammad I can't seem to find the link to the tutorial for the starting project. I would like to see how you implemented the user management + db migrations etc. Thanks
@MohamadLawand 2 years ago
Starting Project: github.com/mohamadlawand087/v8-refreshtokenswithJWT
@jayakumar2927 6 months ago
@MohamadLawand Page not found
@Nolli360Flip 2 years ago
There is one thing that does not work for me. You set 30 seconds for the jwt token. If I use the GET request, the token does not expire after 30 seconds. I tried to wait f.e. 2 minutes and I could still use the same jwt token for the GET request. Only after 5 minutes the request got denied. Did I understand something wrong or why is the jwt token behavior different?
@Smcgettrick 2 years ago
You mentioned a link to an initial starting project that would be in the video and comments, but I cannot find it in either.
@MohamadLawand 2 years ago
Starting Project: github.com/mohamadlawand087/v8-refreshtokenswithJWT
@mmlnv2036 2 years ago
What happens if the user edits the jwt token and adds a claim he needs for malicious activity ?
@MohamadLawand 2 years ago
The JWT signature will be invalidated and the API will not recognise it
@mmlnv2036 2 years ago
@MohamadLawand Thanks Mohamad
@adim1212 1 year ago
Can you please check the starting of the starting project. Currently it's not available.
@hamidshah7072 2 years ago
Thanks for your great course. How should we store the JWT token in a secure way? I understand that local storage and cookies are unsafe to store tokens? So what is the best way?
@rickyvu2388 2 years ago
ASP.NET stores the user in a cookie too. I have the same question as you do.
@hamidshah7072 2 years ago
@rickyvu2388 I understand that we can use HTTP-only cookies and SameSite cookies to prevent access and XSS attack to the token
@zergzerg4844 1 year ago
I didn't get how to set the policy. I did everything as the author showed in the video and the authorization scheme by role works for me, but when I add policy authorization, then I added claims for the user, and an attempt to call a method which is protected by policy returns a 403 Forbidden error. Also I checked my JWT token and it had the necessary roles and policy. Has anyone had the same problem and how to solve it?
@rickyvu2388 2 years ago
If someone got my token and edits the expiry day, then the back end will validate it and know it is an invalid token, right? Another case: what if someone copies my token and uses it?
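The comments above about a 30-second token that is only refused after about five minutes, and about editing a claim or the expiry date inside a token, can be reproduced with this added example (not code from the video or its repository). It relies on `TokenValidationParameters.ClockSkew`, which defaults to 5 minutes and is added to `exp` during lifetime validation. It assumes .NET 6+ and the System.IdentityModel.Tokens.Jwt NuGet package; the key and the `role` claim are constructed.

```csharp
// Added example, not the video's code. Needs the System.IdentityModel.Tokens.Jwt package.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using System.Text.Json.Nodes;
using Microsoft.IdentityModel.Tokens;

// Constructed 40-byte demo key (HS256 needs at least 256 bits).
var key = new SymmetricSecurityKey(
    Encoding.UTF8.GetBytes("constructed-demo-key-at-least-32-bytes!!"));
var handler = new JwtSecurityTokenHandler();

// Validate signature and lifetime with the given ClockSkew.
bool IsAccepted(string jwt, TimeSpan clockSkew)
{
    var parameters = new TokenValidationParameters
    {
        IssuerSigningKey = key,
        ValidateIssuerSigningKey = true,
        ValidateIssuer = false,   // the demo token carries no iss/aud
        ValidateAudience = false,
        ValidateLifetime = true,
        ClockSkew = clockSkew
    };
    try { handler.ValidateToken(jwt, parameters, out _); return true; }
    catch (Exception ex) when (ex is SecurityTokenException or ArgumentException)
    {
        Console.WriteLine($"  rejected: {ex.GetType().Name}");
        return false;
    }
}

// Constructed token whose exp is already one minute in the past.
var expired = handler.WriteToken(handler.CreateToken(new SecurityTokenDescriptor
{
    Subject = new ClaimsIdentity(new[] { new Claim("role", "AppUser") }),
    NotBefore = DateTime.UtcNow.AddMinutes(-3),
    Expires = DateTime.UtcNow.AddMinutes(-1),
    SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
}));

// Same token with exp pushed 30 days out; header and signature are left untouched.
var parts = expired.Split('.');
var payload = JsonNode.Parse(Base64UrlEncoder.Decode(parts[1]))!.AsObject();
payload["exp"] = DateTimeOffset.UtcNow.AddDays(30).ToUnixTimeSeconds();
parts[1] = Base64UrlEncoder.Encode(payload.ToJsonString());
Console.WriteLine($"expired, default skew: {IsAccepted(expired, TokenValidationParameters.DefaultClockSkew)}");
Console.WriteLine($"expired, zero skew:    {IsAccepted(expired, TimeSpan.Zero)}");
Console.WriteLine($"edited exp, zero skew: {IsAccepted(string.Join('.', parts), TimeSpan.Zero)}");
```

Setting `ClockSkew = TimeSpan.Zero` (or a few seconds) in the API's own `TokenValidationParameters` makes a short token lifetime take effect at the stated time.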
@muhammadsaad1520 7 months ago
I don't find the github repo you mentioned
@andriesmathenjwa9536 3 months ago
Hi, I can't find the v8 repository in your GitHub
@tiktokfans9019 8 months ago
I do not find this repository in your GitHub account
@BiaoTV 1 year ago
The github no longer contains the code examples?
@RishavKarna 2 months ago
the git repo is not available!?
@muntheralkhwaldeh728 2 years ago
Thank you for your effort. In my MVC app it always gives me Unauthorized 401 after applying the roles and claims. Can anyone help me?
@adnanyangilic6380 2 years ago
Dear Mohamad, could you upload github the same this project also with sql server when you have time? Thank you..
@JBRandria 1 year ago
Hello, Github link is not found :(
@Razboinikov80 1 year ago
The code is no longer available in your Git
@imaneliyev6447 1 year ago
Source code is not available in GitHub :(
@FabioGalanteMans 2 years ago
Impossible to see the video on a cell phone
@piotrus5457 2 years ago
The final version of the code lacks the disabling of checking whether the token has expired when it is refreshed. If anyone has a problem with this, just change the line
`var tokenInVerification = jwtTokenHandler.ValidateToken(tokenRequest.Token, _tokenValidationParams, out var validatedToken);`
to
`_tokenValidationParams.ValidateLifetime = false;`
`var tokenInVerification = jwtTokenHandler.ValidateToken(tokenRequest.Token, _tokenValidationParams, out var validatedToken);`
`_tokenValidationParams.ValidateLifetime = true;`
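An added example (not the video's code) of the same refresh-time check done on a copy of the validation parameters. Toggling `ValidateLifetime` on a shared instance leaves expiry checking switched off if `ValidateToken` throws before it is set back, and anything else validating with that instance in between also skips the expiry check. `ExpiredTokenReader` and `ReadForRefresh` are hypothetical names, and HS256 signing is assumed.

```csharp
// Added example, not the video's code. Class and method names are hypothetical.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;

public sealed class ExpiredTokenReader
{
    private readonly TokenValidationParameters _tokenValidationParams;

    public ExpiredTokenReader(TokenValidationParameters tokenValidationParams)
        => _tokenValidationParams = tokenValidationParams;

    // Returns the principal of a correctly signed (possibly expired) access token, or null.
    public ClaimsPrincipal? ReadForRefresh(string accessToken)
    {
        // Work on a private copy so the shared instance always keeps
        // ValidateLifetime = true, even if validation throws below.
        var refreshParams = _tokenValidationParams.Clone();
        refreshParams.ValidateLifetime = false;

        try
        {
            var principal = new JwtSecurityTokenHandler()
                .ValidateToken(accessToken, refreshParams, out var validatedToken);

            // Accept only the algorithm the API signs with (HS256 assumed here).
            if (validatedToken is not JwtSecurityToken jwt ||
                !jwt.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.Ordinal))
                return null;

            return principal;
        }
        catch (Exception ex) when (ex is SecurityTokenException or ArgumentException)
        {
            return null; // bad signature, wrong issuer/audience, or malformed token
        }
    }
}
```

The caller still has to check the refresh token itself (stored, unused, unrevoked, not expired) before issuing a new access token; this class only covers the signature check on the old one.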