Implementing JWT Authentication in ASP.NET Core 

Nick Chapsas

Published: 21 Oct 2024

Comments: 49
@tomtoups 4 hours ago
Changing the first letter "e" is not a good test for if the JWT is working, because the "e" is the base64 character for the open brace "{" for the JSON. That's why all JWTs start with an "e". It could be failing because it's not a valid JSON fragment
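Added example, not part of the comment above or the video's code: a minimal HS256 token check that reports the stage at which validation stops. The key, claims and helper names are constructed for illustration. Changing the leading "e" fails at header decoding, while swapping the payload under the original signature is the test that exercises signature verification.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample key

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop the "=" padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def encode_json(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def sign(signing_input: str, key: bytes) -> str:
    return b64url(hmac.new(key, signing_input.encode("utf-8"), hashlib.sha256).digest())

def make_token(claims: dict, key: bytes) -> str:
    signing_input = encode_json({"alg": "HS256", "typ": "JWT"}) + "." + encode_json(claims)
    return signing_input + "." + sign(signing_input, key)

def validate(token: str, key: bytes) -> str:
    """Return the stage at which validation stops, so failures can be told apart."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed: expected 3 segments"
    try:
        alg = json.loads(b64url_decode(parts[0]))["alg"]
    except (ValueError, KeyError, TypeError):
        return "malformed: header is not base64url JSON"
    if alg != "HS256":  # pin the algorithm; never let the token choose it
        return "rejected: unexpected alg"
    expected = sign(f"{parts[0]}.{parts[1]}", key)
    if not hmac.compare_digest(expected.encode(), parts[2].encode()):
        return "rejected: signature mismatch"
    return "valid"

def tamper_cases(key: bytes = KEY) -> dict:
    token = make_token({"sub": "demo-user", "role": "reader"}, key)
    header, _, signature = token.split(".")
    forged = encode_json({"sub": "demo-user", "role": "admin"})
    return {
        "prefix": token[:3],  # "eyJ" is base64url for the bytes {"
        "untouched": validate(token, key),
        "first_char_changed": validate("f" + token[1:], key),
        "payload_changed": validate(f"{header}.{forged}.{signature}", key),
    }

if __name__ == "__main__":
    print(tamper_cases())
```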
@mynameisshadywhat 7 hours ago
The first time in a long time I needed a refresher on this and this is the first recommended video, posted only 17 minutes ago. What sorcery is this, Nick?
@nickchapsas 7 hours ago
I’m behind you
@willbo_ 5 hours ago
(⊙ˍ⊙)
@aracon9721 3 hours ago
It's called the YouTube algorithm *smirk*
@SunriseTequila523 3 hours ago
@nickchapsas Do you have a course on SQL for EF Core developers?
@AJIexa8 An hour ago
Great video! I would suggest that people who are new to JWT first learn the fundamentals of OpenID Connect and authorization methods like "Authorization Code Flow" or "Resource Owner Password Grant Flow". Once you understand the flow you will get that Cognito, IdentityServer4 or any other providers are just wrappers around this protocol.
@frossen123 4 hours ago
2:30 "It's a piece of string!"😄love it
@DasBloch 6 hours ago
It would be awesome if you could show how to support multiple authentication methods, like an API key together with JWT tokens. How do we correctly authorize endpoints and set up the auth?
@local9 7 hours ago
This couldn't have come at a better time.
@andersborum9267 5 hours ago
It's a good starting video on using an external IdP, but don't forget that what's shown here is the bare minimum. Also, notice that Nick is using a stand-alone UI (i.e. Postman or similar) to exchange the returned auth code for a set of tokens that's stored locally (Redis is a great option for these types of short-lived data); you'll need to build the exchange mechanism yourself, which is a fun little task. A word of caution: security is not something you should take lightly, especially in a public-facing environment, and you should never attempt to implement encryption algorithms unless you're one of the very few experts in the industry who work professionally on this topic.
@aracon9721 3 hours ago
so pro-apprentices like me probably still better use Auth0?
@ibnfpv 34 minutes ago
What about the user in the DB? Managing additional data that you don't want to expose in the JWT? How will you merge the auth flow with real application needs, like the current user in a request context, gathering additional info from the DB and so on? In best practice, from your perspective.
@vintage8 6 hours ago
Thanks, couple questions tho: How should I sync the users to my DB with external ID providers? Should I store roles and permissions in my DB or in the external provider? And also, shouldn't the client secret be secret? I shouldn't use it in a SPA, right?
@checox1909 2 hours ago
Nick which SO do you use?
@margosdesarian 4 hours ago
Hey Nick, can you make a video about which is the nicest butter?
@petewarner1077 4 hours ago
Let's demand a #buttercop series in which Nick takes a look at terrible butter advice posted on LinkedIn and signs off with "But now I want to know about you.... which butter do YOU think is the nicest butter? Are you using butter in your applications? Or a healthy low-fat substitute?"
@MarvinKleinMusic 3 hours ago
It would be pretty interesting how you can secure a Blazor app with JWT.
@Arshaad786000 3 hours ago
Cool. Could you show us how this would work with the Microsoft Identity tables in SQL?
@kidsam27 5 hours ago
Have you ever considered or compared this to something open source and self-hosted like Keycloak? I've used it in a couple of projects and it has pretty much all you've showcased, but it's a bit more quirky.
@paulguk 5 hours ago
I much prefer jwt.ms over Auth0's decoder. Much simpler page and also decodes the iat and exp values etc.
@the_arch 5 hours ago
Any chance of making a video for integration with MS Entra SSO?
@SuperLabeled 4 hours ago
"Trust me" Famous last words :) But in all seriousness, could you use something like this to authenticate your application? Basically making it not possible for anyone outside of your hosted domain to request data from the API?
@DisturbedNeo 3 hours ago
CORS is better suited for that. You can set up a policy on your server to say “If a request comes from anywhere other than a specific URL, reject it”, and then give it the URL of your client application so that only requests from your client application are let through.
@CharlesBurnsPrime 3 hours ago
".NET does not have native JWT integration, so you have to install a Nuget package..." is said like it is a negative thing, but it is a positive one. Why would the core library have support for a specific auth mechanism, of the hundreds that have come and gone?
@nickchapsas 3 hours ago
It’s not said as a negative thing. It’s said as an observation
@Assgier 3 hours ago
Also the package is still from Microsoft themselves, thus you don't have to rely on some 3rd party library.
@alanis4AL 6 hours ago
When I see you doing it, it seems graspable. Why does everyone else claim that authentication and authorization are the holy grail of programming? Concepts so difficult to grasp that you need a doctorate degree!?
@cocoscacao6102 5 hours ago
It's poorly documented in certain areas, and I've found most of the answers digging through stack overflow. Concepts aren't that difficult, but implementation in .NET can be a she-dog...
@diadetediotedio6918 3 hours ago
I never saw anybody saying it is "the holy grail of programming", but it is a difficult problem, yeah.
@maskettaman1488 A minute ago
Because the hard work is being done for us by people that know a lot more about it than we do. It's effectively lego-by-design specifically because it's so hard to get right.
@richardrawson381 2 hours ago
var key="sdfafas"u8; just to learn this notation was worth watching the video 🙂
@phillipkatete634 6 hours ago
Is there a way to add users to the Cognito service (rather than users having to enrol)?
@Octopie18 3 hours ago
The modern way to create JWTs is using the new `JsonWebTokenHandler` class, not the older & slower `JwtSecurityTokenHandler` class.
@nickchapsas 3 hours ago
You are right. I used my old codebase for this video instead of the new one that used the WebToken one 🤦
@yaroslavsolodyankin928 6 hours ago
Does .dometrain have any support? What is the problem with the video player?
@rennasccenth 4 hours ago
Ok, this bg3 reference got u one more like. Are you happy now???
@nickchapsas 3 hours ago
What an absolute banger of a game
@I-PixALbI4-I 6 hours ago
What do you mean "Production Ready"? I already implemented JWT to PROD using knowledge from your previous video about JWT! o_0
@panbotuk 6 hours ago
Title for more views. JWT is so overused that I wouldn't even get involved without it xD
@nickchapsas 6 hours ago
Maybe production ready isn't a good term for this. I wanted to say that we're integrating an independent identity service which is what most modern production apps are using. Maybe "Modern" is better
@sachinmaharjan6398 5 hours ago
Hi, Nick, could you make a video about the Ocelot API gateway with Scalar.AspNetCore?
@VanDameDev 5 hours ago
I'd suggest using YARP instead..
@sachinmaharjan6398 3 hours ago
@VanDameDev Can YARP be integrated with Scalar for centralized API docs?
@VanDameDev 3 hours ago
@sachinmaharjan6398 If you do include Scalar in the ApiGateway (YARP) project, I don't see why not..
@JacobGlanz1234 3 hours ago
You’re not explaining what anything means, you’re effectively showing how to copy paste your code
@nickchapsas 3 hours ago
There are 500000 videos explaining JWT including mine. Watch those. I just wanna show the implementation
@maskettaman1488 3 minutes ago
You're missing the point of the video if you're expecting a dive in to how JWT works