JWT Refresh Token with Asp.net Web API 8 and C# 

Foad Alavi

This video discusses how to make ASP.NET applications more secure using refresh tokens.
⏱️VIDEO CHAPTERS⏱️⏱️
00:00 - Intro
00:16 - Project Structure Explain
04:13 - What is a Refresh token
06:40 - Simple Refresh Token Implementation
14:03 - Making the refresh Token secure
35:56 - ClockSkew
Learn how to implement secure authentication for your ASP.NET Core Web API application using ASP.NET Identity and JSON Web Tokens (JWT), and how to refresh tokens after they expire without asking users to send their username and password again.
The video also tests the expiration of a token and explains the strange behavior of token expiry and the ClockSkew property.
GitHubRepo: github.com/foadalavi/ASP.NET/...
#csharp #dotnet #aspdotnetcore #webapi #identity #jwt #RefreshToken

Published: 5 Aug 2024

Comments: 26
@marceloleoncaceres6826 5 months ago
Thanks for the tutorial. I'm one of those expecting the video about requesting another token based on the initial token and the refresh token. Thanks in advance.
@augustorobles9931 2 months ago
Great video! It helps me a lot to understand this topic!
@Drikus19 5 months ago
Great video, thanks. You explained everything very well and made it easy to understand.
@Foad_Alavi 5 months ago
I am glad it was helpful!
@hesamkalhor3263 5 months ago
Great video! 👌 The details and explanations provided were excellent 🤓. Thank you for sharing it, and I am looking forward to the next one. 😊
@Foad_Alavi 5 months ago
Glad you enjoyed it!
@jayw2712 5 months ago
Great video! Helped me out greatly!
@Foad_Alavi 5 months ago
Glad to hear it!
@pt_trainer9244 2 months ago
Thank you,
@askarmoslehipoor171 5 months ago
Damet garm dadash
@Foad_Alavi 5 months ago
MerC🙏 Glad you liked dadash.❤️ The reason I am answering you in English is that RU-vid blocks some comments, and I don’t know what the algorithm is, but based on my experience, if it is not in English and understandable, sometimes it gets blocked. I prefer for more videos about security of JWT and how to share it using public key and private key, which we will upload next week. Do not miss them.
@davood7497 6 months ago
Good job !!!
@Foad_Alavi 6 months ago
Thanks!!
@Tamer_Ali 5 months ago
Thanks a lot for that awesome video. You discussed the topics I was looking for, like using a refresh token with a JWT token. What if the user is disabled from the backend or database and he is already authenticated in the frontend app? You're awesome. Keep going.
@Foad_Alavi 5 months ago
It really depends on the way of authorization. As long as the token is valid, the user is authenticated. If you check the user access on each request by going to the database, you can realize if the user is disabled, but if you are checking the permissions based on the claims inside the token, you need to wait until the token is expired. And it is another reason to expire the token as fast as possible, as an example after half an hour, and force the user to use the refresh token. When you call the refresh, it can check the database again, and if the user is disabled or deleted from the database, it returns an unauthorized response. I’m uploading some other videos about how to use RSA and public key and private key for JWT authentication next week. Do not miss them.
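An added illustration of the point made in the reply above (not code from the video or its repository): a refresh handler that re-reads the user record before issuing new tokens, so a disabled account is refused at refresh time even if its last access token has not yet expired. The in-memory store, all type and member names, the 7-day lifetime and the single-use rotation are assumptions made for this example.

```csharp
// Added example. Every name below is hypothetical; the "database" is in memory.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

var users = new Dictionary<string, User> { ["alice"] = new User("alice", true) };
var service = new RefreshService(users);

string first = service.Issue("alice");
Console.WriteLine(service.Refresh(first, out string second)); // first use, account enabled
Console.WriteLine(service.Refresh(first, out _));             // replay of the used token

users["alice"] = users["alice"] with { Enabled = false };     // admin disables the account
Console.WriteLine(service.Refresh(second, out _));            // caller should answer 401

record User(string Name, bool Enabled);
record StoredToken(string UserName, DateTime ExpiresUtc);

class RefreshService
{
    private readonly Dictionary<string, User> _users;
    private readonly Dictionary<string, StoredToken> _tokens = new();

    public RefreshService(Dictionary<string, User> users) => _users = users;

    public string Issue(string userName)
    {
        // Opaque random value; only the server-side record gives it meaning.
        string token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        // Assumed lifetime of 7 days for the refresh token.
        _tokens[token] = new StoredToken(userName, DateTime.UtcNow.AddDays(7));
        return token;
    }

    public bool Refresh(string presented, out string replacement)
    {
        replacement = "";
        // Single use: the record is removed whether or not the later checks pass.
        if (!_tokens.Remove(presented, out var stored)) return false;
        if (stored.ExpiresUtc <= DateTime.UtcNow) return false;
        // Re-read the user now instead of trusting claims minted at login.
        if (!_users.TryGetValue(stored.UserName, out var user) || !user.Enabled)
            return false;
        replacement = Issue(user.Name);
        return true;
    }
}
```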
@Tamer_Ali 5 months ago
@Foad_Alavi Any plan for a video on end-to-end encryption as WhatsApp does?
@Foad_Alavi 5 months ago
This week I will upload three videos about encryption using public and private key. The concept for end to end encryption is the same. Watch those videos and after that if you had any questions just write a comment and I will try to answer it.
@sauravbhatta5303 6 months ago
Long time dude
@siddharthprabhakar9353 20 days ago
Thanks a lot! How to refresh token automatically?
@zedshockblade7157 6 months ago
Can I request access and refresh tokens with JWT using cookies instead of JWT bearer? Instead of reading the bearer token on every authorized controller, you read the JWT inside the access token cookies. If it expires, you check the refresh token and generate a new access token. I know how to do this with Node but don't know how in .NET Core.
@Foad_Alavi 6 months ago
It is possible, but I don't suggest it. You need to create your own middleware for it. ASP.NET has a standard approach for using cookie-based authentication. You don't need to store the JWT in the cookie; ASP.NET validates the security by itself. Check my video about cookie-based authentication. ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-3B5gfrJpMN8.html
@zedshockblade7157 6 months ago
@Foad_Alavi Thanks, gonna check it out now. Another question: with JWT bearer-type authentication, if you send the JWT to the client as a response, where do you suggest the client store it aside from local storage? Like, where should it be persisted so that it can be attached as a bearer token on every backend request that requires authentication?
@Foad_Alavi 6 months ago
I use Angular for my front end, and I have a kind of Repository Pattern that all my controllers send the requests through. When my design sends all requests from just one method, I can add a header or cookie to all requests I send to the server. Regarding where to persist the token on the client browser, I use Angular DI. You can use local storage as well.
@jayakumar2927 5 months ago
how to consume Angular
@Foad_Alavi 5 months ago
It depends. If you don’t annotate your refresh token endpoint with an authorized attribute, it means clients after the expiration of the token can refresh their tokens, but if you use the [Authorize], it means clients should refresh the token before the expiration. For the first one, you can use the repository pattern in Angular, and for receiving an authorized response, send a request to refresh the token. And for the latter, you need to have a timer in your repository and send a request for refreshing the token before the token's expiration. If more people have this request, I will create a video about how to do that using Angular.