
How To Implement API Key Authentication In ASP.NET Core 

Milan Jovanović
94K subscribers
33K views

☄️ Master the Modular Monolith Architecture: bit.ly/3SXlzSt
📌 Accelerate your Clean Architecture skills: bit.ly/3PupkOJ
🚀 Support me on Patreon to access the source code: / milanjovanovic
API key authentication is commonly used in server-to-server (S2S) scenarios. You give the API caller a unique key that they use to authenticate with your API. The key can be sent in several ways: in a request header, in the query string, or in a cookie. I'll show you how to implement API key authentication in Minimal APIs and how to do it with controllers.
Join my weekly .NET newsletter:
www.milanjovanovic.tech
How To Implement API Key Authentication In ASP.NET Core
www.milanjovanovic.tech/blog/...
Read my Blog here:
www.milanjovanovic.tech/blog
Subscribe for more:
/ @milanjovanovictech
Chapters
0:00 Defining an endpoint filter
1:50 Implementing ApiKeyAuthenticationEndpointFilter
6:45 How an endpoint filter works
8:37 Validating the API key
12:32 Alternatives to sending the API key in the header
13:22 Alternatives to storing API keys in the application configuration
14:12 API key authentication with controllers
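As an added example (not the video's own code and not taken from the author's repository), here is one way to implement the endpoint filter the chapters describe, together with the controller variant. The header name X-Api-Key, the configuration key ApiKey, and the type names are assumptions of this example; the comparison uses CryptographicOperations.FixedTimeEquals so that the time taken to reject a wrong key does not depend on how many leading characters matched, and a missing configuration value fails closed.

```csharp
// Added example: a single-file ASP.NET Core app (.NET 8). Assumed names, not from the video:
// header "X-Api-Key", configuration key "ApiKey" (e.g. appsettings.json or a user secret).
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
var app = builder.Build();

// Minimal API: the filter runs before the handler, on this endpoint only.
app.MapGet("/minimal/secret", () => "minimal endpoint reached")
   .AddEndpointFilter<ApiKeyAuthenticationEndpointFilter>();

app.MapControllers();
app.Run();

public static class ApiKeyConstants
{
    public const string HeaderName = "X-Api-Key";     // assumed header name
    public const string ConfigurationKey = "ApiKey";  // assumed configuration key
}

public static class ApiKeyValidator
{
    // True only when exactly one header value is present and it equals the configured key.
    public static bool IsValid(HttpRequest request, IConfiguration configuration)
    {
        if (!request.Headers.TryGetValue(ApiKeyConstants.HeaderName, out var provided) || provided.Count != 1)
        {
            return false;
        }

        var expected = configuration.GetValue<string>(ApiKeyConstants.ConfigurationKey);
        if (string.IsNullOrEmpty(expected))
        {
            return false; // no key configured: fail closed rather than accept anything
        }

        // Fixed-time comparison: rejection time does not depend on how many leading bytes matched.
        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(provided.ToString()),
            Encoding.UTF8.GetBytes(expected));
    }
}

// Minimal API endpoint filter.
public sealed class ApiKeyAuthenticationEndpointFilter : IEndpointFilter
{
    private readonly IConfiguration _configuration;

    public ApiKeyAuthenticationEndpointFilter(IConfiguration configuration)
    {
        _configuration = configuration;
    }

    public async ValueTask<object?> InvokeAsync(EndpointFilterInvocationContext context, EndpointFilterDelegate next)
    {
        if (!ApiKeyValidator.IsValid(context.HttpContext.Request, _configuration))
        {
            // 401: the caller is not authenticated. The body says nothing about why.
            return TypedResults.Unauthorized();
        }

        return await next(context);
    }
}

// Controller variant: the same check as an authorization filter attribute.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class ApiKeyAttribute : Attribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var configuration = context.HttpContext.RequestServices.GetRequiredService<IConfiguration>();
        if (!ApiKeyValidator.IsValid(context.HttpContext.Request, configuration))
        {
            context.Result = new UnauthorizedResult();
        }
    }
}

[ApiController]
[Route("controller")]
[ApiKey]
public sealed class SecretController : ControllerBase
{
    [HttpGet("secret")]
    public IActionResult Get() => Ok("controller endpoint reached");
}
```

Run it with ApiKey set in configuration (for example through user secrets) and request /minimal/secret and /controller/secret once with the X-Api-Key header and once without; the first should return 200 and the second 401. A single key in configuration identifies the application, not an individual caller; when several clients or tenants need their own keys, the validator should look the presented key up in a per-key store instead of comparing against one configured value.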

Science

Published: 1 Aug 2024

Comments: 64
@MilanJovanovicTech 1 year ago
Want to master Clean Architecture? Go here: bit.ly/3PupkOJ Want to unlock Modular Monoliths? Go here: bit.ly/3SXlzSt
@BK-19 1 year ago
Nice, easy, clean explanation, will definitely use it in my next minimal API project.
@MilanJovanovicTech 1 year ago
Glad it was helpful!
@JosephRuhundwa 1 year ago
Thank you @Milan for your great content
@MilanJovanovicTech 1 year ago
You're very welcome!
@peymannaji 10 months ago
It was very useful Milan, Thanks a lot!
@MilanJovanovicTech 10 months ago
Glad it was helpful!
@amrnouh3414 1 year ago
Thanks for your awesome content and simplified explanation, keep it up ❤️👏
@MilanJovanovicTech 1 year ago
My pleasure 😊
@RioTheHitman 1 year ago
This is absolutely beautiful thank you
@MilanJovanovicTech 1 year ago
You are so welcome
@Tamer_Ali 1 year ago
Thanks Milan, you're awesome 👍
@MilanJovanovicTech 1 year ago
Thanks a lot for watching 😁
@DigiWorldHub 7 months ago
Looks good for the beginner. Thanks.
@MilanJovanovicTech 7 months ago
No problem!
@ArgFernando 1 year ago
👍👍 Thx for sharing!!
@MilanJovanovicTech 1 year ago
You're welcome :)
@masterofclay123 9 months ago
Nice vid. Pretty cool.
@MilanJovanovicTech 9 months ago
Glad you enjoyed it
@nouchance 1 year ago
THANK YOU SIR
@MilanJovanovicTech 1 year ago
Most welcome
@10Totti 1 year ago
Best!
@MilanJovanovicTech 1 year ago
Thanks!
@Tamer_Ali 1 year ago
Hi Milan, I hope you show us how to use commands and queries to write and read from a database using different contexts, for better performance in enterprise projects like e-commerce. For example: commands write to a SQL database, queries read using Elasticsearch.
@MilanJovanovicTech 1 year ago
That would be such an interesting video 😁😁 Definitely planning more stuff around distributed systems.
@onedev7316 1 year ago
Very nice explanation as always. Is there any chance you can do a video on user impersonation using JWT/Identity, please?
@MilanJovanovicTech 1 year ago
I don't find that feature compelling enough to dedicate a video to it, for now
@Ahmed-ui5wn 6 months ago
Great explanation as usual. Would you please share with us the theme you are using in Visual Studio. Thanks. Keep it up.
@MilanJovanovicTech 6 months ago
ReSharper
@reggyA898 1 year ago
Hey, one question: what are you doing in case multiple commands use the same logic partially? It can contain requests to the database, or just logic without requests to the database. Where do you store common code like that? Or do you just repeat the same code in both commands, because the idea of commands is that they are independent?
@MilanJovanovicTech 1 year ago
I would either:
- repeat the same code in both commands if it is 2 situations
- store common code in a service if it's more than that
@reggyA898 1 year ago
@@MilanJovanovicTech thanks!
@mylesdavies9476 1 year ago
What are your thoughts on using middleware to check for the key? This is something I have done previously.
@MilanJovanovicTech 1 year ago
Works just fine 😁
@microtech2448 1 year ago
Can you please explain how this can be added as a custom authentication handler which can be added in startup with its own custom scheme name, in addition to the built-in JWT bearer or cookie authenticators, so that an API endpoint can be authenticated either through a JWT token or an API key? Thank you!
@MilanJovanovicTech 1 year ago
Hmm, could make for an interesting video
@barr5221 1 year ago
Milan, what about an episode where you explain message metadata? For example:
- Authentication token / API key
- Correlation Id
- Causation id
- UTC Timestamp
- Culture / Localization of the client
- Message version
- Message unique id
- others?
What do you think is necessary?
@barr5221 1 year ago
At least Correlation Id is always MUST BE for my APIs. How can you solve issues on production without it? At my current job we use Authorization token and Culture as well. When some problem arises I really would like to have all of them.
@MilanJovanovicTech 1 year ago
I like the idea, I'll see what I can come up with!
@ArnonDanon 1 year ago
Hi Milan, how do you secure this key with your users when you hand them the key? Do you recommend some key rotation mechanism? How would you handle revocation of a stolen key and hand a new key to the customer? I hope to hear your approach for those scenarios.
@MilanJovanovicTech 1 year ago
You can't really secure it once you hand it over to the users. Same with user passwords. If they're compromised, there is nothing you can do about it. With API keys, revocation is easy. Create a new key, hand it to the customer, and give them a grace period to switch to the new key.
@ArnonDanon 1 year ago
@@MilanJovanovicTech thanks for taking the time to answer it
@VeggehGaming 1 year ago
Would it be worth it to have the API key in the header hashed and then check the hash with a hashed version of any valid API keys you have in order to increase security?
@MilanJovanovicTech 1 year ago
Probably, it makes a lot of sense
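The two answers in this thread (rotation with a grace period, and comparing hashes rather than raw keys) fit together in one key store. As an added example that is not from the video or its author, this constructed C# class keeps only SHA-256 hashes of the keys, issues a replacement key while the old one stays valid until a deadline, and supports outright revocation of a stolen key. The type and method names, the client id "tenant-a" and the timestamps are this example's own assumptions.

```csharp
// Added example (not the video's code). Keys are random 256-bit values, so an unsalted SHA-256
// of the key is adequate as the stored identifier; this is not a password-hashing scheme.
using System.Security.Cryptography;
using System.Text;

public sealed record ApiKeyRecord(string ClientId, DateTimeOffset? ExpiresAt, bool Revoked);

public sealed class ApiKeyStore
{
    // Keyed by the hex SHA-256 of the plaintext key. The plaintext is never stored.
    private readonly Dictionary<string, ApiKeyRecord> _byHash = new(StringComparer.Ordinal);

    public static string Hash(string apiKey) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(apiKey)));

    // Issue a fresh key for a caller and return it once; only its hash is kept.
    public string Issue(string clientId)
    {
        string key = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        _byHash[Hash(key)] = new ApiKeyRecord(clientId, ExpiresAt: null, Revoked: false);
        return key;
    }

    // Rotation: hand out a new key, keep the old one working until now + grace.
    public string Rotate(string currentKey, TimeSpan grace, DateTimeOffset now)
    {
        string oldHash = Hash(currentKey);
        if (!_byHash.TryGetValue(oldHash, out var record) || record.Revoked)
        {
            throw new InvalidOperationException("Unknown or revoked key.");
        }
        _byHash[oldHash] = record with { ExpiresAt = now + grace };
        return Issue(record.ClientId);
    }

    // Revocation: a stolen key stops working immediately, regardless of any grace period.
    public void Revoke(string apiKey)
    {
        string hash = Hash(apiKey);
        if (_byHash.TryGetValue(hash, out var record))
        {
            _byHash[hash] = record with { Revoked = true };
        }
    }

    // Authenticate a presented key; on success, identify which caller it belongs to.
    // The dictionary compares hashes, not keys, so lookup timing reveals nothing about the key itself.
    public bool TryAuthenticate(string presentedKey, DateTimeOffset now, out string? clientId)
    {
        clientId = null;
        if (!_byHash.TryGetValue(Hash(presentedKey), out var record) || record.Revoked)
        {
            return false;
        }
        if (record.ExpiresAt is { } expiresAt && now >= expiresAt)
        {
            return false; // grace period is over
        }
        clientId = record.ClientId;
        return true;
    }
}

public static class ApiKeyStoreDemo
{
    // Walks through issue -> rotate -> grace period -> expiry -> revoke.
    public static void Run()
    {
        var store = new ApiKeyStore();
        var t0 = new DateTimeOffset(2024, 8, 1, 0, 0, 0, TimeSpan.Zero); // constructed timestamp

        string oldKey = store.Issue("tenant-a");                           // constructed client id
        string newKey = store.Rotate(oldKey, TimeSpan.FromDays(7), t0);

        bool oldKeyWorksDuringGrace = store.TryAuthenticate(oldKey, t0.AddDays(1), out _);
        bool oldKeyWorksAfterGrace = store.TryAuthenticate(oldKey, t0.AddDays(8), out _);
        bool newKeyWorks = store.TryAuthenticate(newKey, t0.AddDays(8), out var who);

        store.Revoke(newKey);
        bool newKeyWorksAfterRevoke = store.TryAuthenticate(newKey, t0.AddDays(8), out _);

        Console.WriteLine($"old during grace: {oldKeyWorksDuringGrace}, old after grace: {oldKeyWorksAfterGrace}, " +
                          $"new: {newKeyWorks} ({who}), new after revoke: {newKeyWorksAfterRevoke}");
    }
}
```

Because the store only ever sees hashes, a leaked copy of the store does not hand out usable keys, and the endpoint filter can call TryAuthenticate with the header value and use the returned client id for per-tenant authorization. The grace period is what lets a customer switch to the new key without downtime; revocation is the path for a key that is known to be stolen, where no grace period is acceptable.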
@ferenc3460 1 year ago
Hi! Can you show us an implementation of how to use this or JWT in a MAUI or WPF application (even with refresh tokens)?
@MilanJovanovicTech 1 year ago
Sounds fun, I'll add it to my content list
@ferenc3460 1 year ago
@@MilanJovanovicTech thanks! I have no problem implementing JWT tokens in a web app and saving them in a cookie, but I can't really find much information or a clean solution for how to do it in desktop and mobile applications.
@fillegar 1 year ago
Your tweet said the video would cover:
- Great at limiting access to an API
- Tracking usage and billing
I don't see those topics listed in the chapters. Which chapters cover them? Or is there another video? Thanks in advance.
@MilanJovanovicTech 1 year ago
Oh, sorry if it was a little misleading. I kind of shared in the Tweet "what I learned", while the video is more focused on "how to implement authentication" only
@MilanJovanovicTech 1 year ago
I'll see to tackle tracking/billing in a future video, it's a nice topic
@jeffersantosss 1 year ago
Milan, how to implement support for multiple authentication methods in Swagger, including Bearer Token and API Key?
@MilanJovanovicTech 1 year ago
I'm not sure honestly, Swagger is a bit tricky
@roberteru25 1 year ago
// Inside AddSwaggerGen(x => { ... }); x is the SwaggerGenOptions instance.
// Requires: using Microsoft.OpenApi.Models; using Microsoft.AspNetCore.Authentication.JwtBearer;

// add JWT Authentication
var securityScheme = new OpenApiSecurityScheme
{
    Name = "JWT Authentication",
    Description = "Enter JWT Bearer token **Bearer token**",
    In = ParameterLocation.Header,
    Type = SecuritySchemeType.ApiKey,
    Scheme = "bearer", // must be lower case
    BearerFormat = "JWT",
    Reference = new OpenApiReference
    {
        Id = JwtBearerDefaults.AuthenticationScheme,
        Type = ReferenceType.SecurityScheme
    }
};
x.AddSecurityDefinition(securityScheme.Reference.Id, securityScheme);
x.AddSecurityRequirement(new OpenApiSecurityRequirement
{
    { securityScheme, Array.Empty<string>() }
});

// add API Key authentication (key sent in the X-API-KEY header)
var apiKeySecurityScheme = new OpenApiSecurityScheme
{
    Type = SecuritySchemeType.ApiKey,
    In = ParameterLocation.Header,
    Name = "X-API-KEY",
    Reference = new OpenApiReference
    {
        Id = "ApiKey",
        Type = ReferenceType.SecurityScheme
    }
};
x.AddSecurityDefinition(apiKeySecurityScheme.Reference.Id, apiKeySecurityScheme);
x.AddSecurityRequirement(new OpenApiSecurityRequirement
{
    { apiKeySecurityScheme, Array.Empty<string>() }
});
@danyaracena222 1 year ago
Can this API key authentication implementation be used for a multi-tenant structure?
@MilanJovanovicTech 1 year ago
Yes, you'll just need more API Keys. One for each tenant. And also, based on the API Key provided in the request, you'll have to extract the Tenant ID information.
@danyaracena222 1 year ago
@@MilanJovanovicTech Thank you, the video is a good resource.
@techpc5453 1 year ago
from saudi arabia
@MilanJovanovicTech 1 year ago
👋 from Serbia
@techpc5453 1 year ago
@@MilanJovanovicTech best people from Serbia And Russia
@MarcusKaseder 1 year ago
Unfortunately you've mixed up Authentication and Authorization. If it is about Authentication, like you've mentioned in your title and folder, you should've set a valid Principal like ClaimsPrincipal on the context - nothing more. If it is about Authorization, like you've mentioned in your filter and the controller interface, the filter is correct if it returns an Unauthorized result 😉
@MilanJovanovicTech 1 year ago
I wouldn't agree - try to detach the naming conventions from what I'm actually doing. Authentication - who is calling the API. Authorization - what can the caller do (roles, permissions). It's an unfortunate circumstance that the HTTP status code is 401 Unauthorized, which represents a not-authenticated user, and 403 Forbidden for a user without permissions. You'll notice that the name of the attribute in MVC is Authorize - which tackles Authentication - but is called so to match the respective status code.
@MarcusKaseder 1 year ago
@@MilanJovanovicTech Oh yeah, true! Absolutely forgot about the 403. It is rarely used in our applications because we don't want to expose API internals to the client (security reasons).