Backend for Frontend for ASP.NET Core Authentication

Подписаться 73 тыс.

Просмотров 13 тыс.

50% 1

Example of how to use the Backend for Frontend (BFF) pattern for ASP.NET Core Authentication. We explore how to store tokens on the backend and call external api's via your service.
Patreon 🤝 / raw_coding
Courses 📚 learning.raw-c...
Shop 🛒 shop.raw-codin...
Discord 💬 / discord
Twitter 📣 / anton_t0shik
Twitch 🎥 / raw_coding
OAuth Correctly: • ASP.NET Core OAuth Aut...
YARP: • Introduction to YARP a...
#aspnetcore #authentication #bff

Опубликовано:

18 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 25

@shakeuk Год назад

Great video, i feel authentication is the Achilles Heel for a lot of developers, SPAs are great but should not be looking after access/identity tokens as its just not secure.

@jamesterstudio4812 4 месяца назад

oHey Great video, did you create a github for this coding tutorial?

@mibli2935 Год назад

Please consider making a video on how to merge this tutorial with Blazor Webassembly Hosted App. Thanks!

@user-pq9yh Год назад

If I understood correctly, this pattern means that even if an SPA can authenticate directly by calling the OAuth endpoint, for example when using Auth0, the best practice is to do this only through the backend, or is it something else ?

@RawCoding Год назад

if you have a SPA and you need to call youtube or facebook, you need a token. BACKEND for FRONTEND stores tokens on the backend and makes correct requests to appropriate api

@bertan7 4 месяца назад

Awesome, thank you

@TellaTrix 8 месяцев назад

Yo Yo not everybody is like you smart ad intelligent. Too fast bit bouncy over all your content. Thanks for sharing.

@tombalabomba3084 5 месяцев назад

How do you redirect to youtube from your view frontend? Does the connect-youtube endpoint send back a redirect url with oidc params?

@aligeovany4645 Год назад

hi please share a a video for creating 'SSO' and do that just with pure C# code, I mean don't use Identity Server or etc. Teach this tech with pure code. thanks

@RawCoding Год назад

Hi, check the playlist there’s a video how to do SSO using cookies

@nh--66 Год назад

Awesome

@jamesterstudio4812 4 месяца назад

Do you have an example where we are using google for authentication?

@TheAzerue Год назад

Do you think using Distributed cache in Db is good way to store token against cookie ?

@xardasu3646 2 месяца назад

Dotwatch ? . Where can I get the CLI ?

@TheAzerue Год назад

Hi Very good video. Three question. In a monolith app with no external authentication, just on the same server authentication. Q1. Is storing a token in local storage a bad practice from security point of view, even if we are doing an Api call same server and not on some external server like youtube, facebook ? Q2. If we are hitting apis only on our server, is authenticating a user with username and password is flawed ?. I mean is OpenId Connect still a best practice or it is over kill. Q3. With BFF when using refresh token to get an access token. Is middleware a best play to implement this ? What i understand from your BFF video, is token is stored at backend and with frontend only a small is cookie, that could contain a user-id. And then each an Api is called, we grab the token against that user-Id, populate the ClaimsPrincipal and complete an Api either external or on same server. Thank you again. I'm learning a lot from you Sensi :).

@RawCoding Год назад

1. I don’t understand why you’d want a token, but yes token in localstorage is not secure storage 2. If it’s same domain, username and password is preferred 3. Watch my refresh token video

@TheAzerue Год назад

@Raw Coding. Would you agree that using BFF even for same domain is more safer than storing token in local storage ?.

@RawCoding Год назад

Same domain use cookie

@TheAzerue Год назад

@@RawCoding For Hybrid application (Mobile and say Angular). Does using cookie still make sense. I mean token like JWT is cross-platform. Although i do agree cookies are more secure on web.

@RawCoding Год назад

Yes you can still use cookies for them.