That's how a tutorial should look like! Straight to point with a working example. Love it! 😎🤩

Easy and great setup of how to add authorization to a web application. Well done!

Add my voice to the chorus. Insanely helpful and well-done video, thank you.

Why wasn't I able to find this channel earlier 😭 🤣🤣 I've shared your content with all my colleagues 🙏

Awsm Explanation, Easy to understand

Awsome way of teaching. And working with real scenario.

This is the most simple way of doing JWT , thanks so much

Love the video. I urge you to create video on OAuth with JWT implementation. Complete details on OAuth.

Dude!! Thx for the video! It really helped me out. Right know I'm just reading your blog to understand better the whole code.

good help full, if you want to add more things then add authorization with multiple roles, multi-tenant application authentication.

really nice explanation to the point and explained every point thanks alot

This worked like a charm. Exactly what I was looking for..., Confused with various online material, but this was most clear of all of them...

your tutorial is amazing, the IT community needs more people like you! however, MICROSOFT SUCKS for implementing a million different classes and ways to implement authentication /authorization classes then those classes get deprecated and then the developer will be scrambling for answers to solutions that new core version/framework is trying to introduce! For MS, there is no one universal, non-complex, non-confusing way to create a simple web API with basic authentication, it's like each authentication scheme is created by one developer that is trying to out-do the other developer within their team that has implemented a recent class/code! I hope, I really, really hope, that MS should one day be overtaken by another company or that incoming new developers will instead switch to open source and other tech stacks for web api-related stuff! I will be the first to rejoice if MS will file for bankrupcy one day, or get bought by Apple!

Thank you Nirjhar. Great explanation.I have implemented with your example

Nice video , But I feel it would have been been great for beginners like me , if you had spent some time explaining the usage of each line while configuring authentication in startup and controller class files .

Nice explanation 👌

Excellent content.. very straight forward

Great tutorial, easy to follow and understand. Thanks a lot!

God bless you my friend for this video

Hi, thanks for the tutorial! You keep the content simple and easy wich is great, but for future improvement you could add a real front end, just a login page, 1 or 2 authorized pages and a logout. this way we could see the complete workflow of the jwt and how is stored in page transitions.

Thank you so much for taking the time to make this video and share your knowledge! Excellent. Subscribed :)

Excellent video brother.. I have been looking for this.. Thank you so much 🙏🙌👏👏

Nice and simple video

Very good explanation. thank you .

Very useful information. Thank you sir...

Very good video

very well explained

Amazing video thank you! So clear and concise!

i am big fan of your videos .

Thank you for this very helpful video and sharing your knowledge! Subscribed!

So satisfying keyboard typing.))))

Very quality content. It very helped me to understand this important theme !:)

really helpful to understand the jwt authentication. please make a video on refresh token also

A heartly thanks to you for teaching the tokenization in simple way.

Excellent video, I have shared with my whole team to watch. Thank you. One question, at 15:56 you add the JwtTokenAuthenticationManager to services with the key, but what if you wanted to pass in the DbContext and also maybe the ILogger so the JwtTokenAuthenticationManager can confirm the credentials against the Db. How do you configure the services for the JwtTokenAuthenticationManager in startup to inject those into the class?

Simple and clear example, thank you 👍

Very well explained. Thanks for your effort.

Thanks You. Great... very neat and clean explanation given by you.

Thanks....good explanation

Thanks for your video, a Very Good explanation. I have a suggestion. if you can list out all the dependencies that will be great.

Excellent... keep up the good work

Thank you for all of your tutorial

Excellent Show, thanks much.

Thanks . Perfect video

Great video brother. If you could explain why we are using each commend and its benefits would have been really helpful.

Thank you for this helpful video. Keep doing the good work.

Excellent work explaining this!

Hi. Good video. But what is the purpose of audience nd issuerence?

Thank you for making it easy understanding.

Great video, nicely explained

Thanks a lot for such content. I respect and really admire your huge efforts, for such incredible content. God bless mate.

Great video, i request you to explain the token validation parameter , and token descriptor class properties significance and what situation what value we should set may help great if you do some short video on that portion

Very nicely done. Thank you.

Can you please provide the second part of this tutorial. It is very nice video. Awesome.

Great content 👏👏 , Thank you

Thank you very much! very well explained

This is really good. Thanks..

Great video. Truly helped me out!

Great video. Keep doing the good work

v good video really helped me

Thank you so much for this video! it's really helpful..

Guys I am confused here that the implementation of JWT here is working on O Auth 2.0 mechanism or not?

Awesome keep up the good work

thank you very much

Awesome !!

Nice!

I am able to generate the token. I am also getting the data without authorisation. But when I give the Authorize for the get method I get unauthorised. Could you please help me solve this issue.

Very cool man but how the heck I explain all those classes in an interview lmao, this is like +4 h to learn how to talk about these things.

Thank you man, that is what i sought for

Thank you for the knowledge you shared. What are the headers that I should be using with Postman?

Thank you for your well explained video. If possible, could you please make another video to show, secure an api with azure active directory and consume it from AAD secured react app.

In this JWT is authorized when sent as header in the request. May I know how can the access token be validate as part of query string ?

May I know the use of having the AuthenticationManager interface instead of just having a solid Class? thanks

Thank you this is an awesome video

This is great and I was able to replicate this. However, I'm wondering.. where do refresh tokens come into play?

Thanks for the Awesome Video. But I have a question. If I need to create a Custom Unathorized return message from any POST or GET api, what should I do ?

How we can achieve same thing in MVC and pass token after authentication?

thank you.

Thanks, great video

great

Very nice explanation !!! Just one query I have in simple asp.net api we used Owin and OAuth to generate and validate token but I dint see OAuth implementation in Core is there any reason ?

Really helpful !

Thank You!

this is awesome.. thanks a lot!

how to validate bearer token - if you put post man bearer token its allow to hit the method i want to how to validate bearer token and the method

Good job 👍 .. what about refresh token?

Hi, I see that the AuthenticationHandler class comes under two namespaces. - Microsoft.AspNetCore.Authentication - Microsoft.Owin.Security.Infrastructure could you please explain what factors decide the namespace I need to use.

Hi bro can you make a video on how to renew the expired token when user is in actively using webapi and web application

how would i get user data from token such as username ?

Thanks for the tutorial. You are explaining the concepts very well. Could you please give some suggestions on this? What are the ways to store a JWT token securely on client side. We can use cookies or local storage. But, however someone/ anonymous will able to see the token by using some debugging tools and they can mock the same request and use it in outside of the application. How we can avoid it? Thanks.

Hi Thaks for the video, I have a couple of questions . can you please clarify this? 1. I got a token from the server. I just passed it to someone to use this token. he could able to access the API with the token until it expires. How can we restrict this? 2. I got a token from the server with an expiry time of 15 min. before 15 min I hit token controller and got another token with an expiry time of 15 min. Now I have two tokens with valid time. will the two tokens work? or only the latest one? if so how can we validate?

Hi, why did you uncheck the "Configure for HTTPS" and check "Docker enabled" option while creating the project? It'll be really helpful info if you tell us.

Hi thank you for posting this video. I find it very helpful. I have one question regarding the authentication step though. After receiving the token with a valid username + password combination and entering it as Authorization : Bearer[whitespace]token, the Get step still throws a 401 error. Any idea of what may cause this? Thanks!

My Authorization header is missing IDK why but I don't have problems with other headers, is there a way to change the header name?

im getting 404 not found in get when im trying to get values1 and values 2

why do we need to "var tokenKey = Encoding.ASCII.GetBytes(key); "

Thanks man.

Hi, At timeline of 10:23 in this video, I have two questions here. 1) Why you used SecurityTokenDescriptor (from Microsoft.IdentityModel.Tokens); why not JwtSecurityToken (from System.IdentityModel.Tokens.Jwt)? 2) What is the difference between Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor and System.IdentityModel.Tokens.Jwt.JwtSecurityToken classes? When to use which?.

Thanks for the video. I followed exactly like you said. The token expiry I set as : Expires = DateTime.UtcNow.AddMinutes(Convert.ToDouble("20")); So, as you see I have set 20 minutes. I submit Authenticate request -> I get access_token, thats great! Now, I submit other API request with this access_token as bearer, I get the response as expected. Now, after 20 minutes, I try hitting the same endpoint, I still get response, even though 20 minutes have passed already. What am I missing? Please help.

Nice one ... can we apply same for MVC 5