That's how a tutorial should look like! Straight to point with a working example. Love it! 😎🤩
@DotNetCoreCentral Жыл бұрын
Thanks!
@drakZes3 жыл бұрын
Easy and great setup of how to add authorization to a web application. Well done!
@DotNetCoreCentral3 жыл бұрын
@Francois Smit, thanks for watching!
@darizardTheDargon2 жыл бұрын
Add my voice to the chorus. Insanely helpful and well-done video, thank you.
@DotNetCoreCentral2 жыл бұрын
Thanks!
@ProperComment3 жыл бұрын
Why wasn't I able to find this channel earlier 😭 🤣🤣 I've shared your content with all my colleagues 🙏
@DotNetCoreCentral3 жыл бұрын
@The Red Baron, thanks for watching. I hope everyone you have shared with will find it useful.
@naveen.bhardwaj2 жыл бұрын
Awsm Explanation, Easy to understand
@avtarsashia48973 жыл бұрын
Awsome way of teaching. And working with real scenario.
@DotNetCoreCentral3 жыл бұрын
@Avtar Sashia, thanks for watching!
@junaidm10383 жыл бұрын
This is the most simple way of doing JWT , thanks so much
@DotNetCoreCentral3 жыл бұрын
@junaid m, thanks for watching!
@DevKumar-nh6vk Жыл бұрын
Love the video. I urge you to create video on OAuth with JWT implementation. Complete details on OAuth.
@DotNetCoreCentral Жыл бұрын
Thanks, will do!
@R2d2ums3 жыл бұрын
Dude!! Thx for the video! It really helped me out. Right know I'm just reading your blog to understand better the whole code.
@DotNetCoreCentral3 жыл бұрын
@Carlos Daza, thanks!
@pankitpatel19874 жыл бұрын
good help full, if you want to add more things then add authorization with multiple roles, multi-tenant application authentication.
@DotNetCoreCentral4 жыл бұрын
Thanks for the suggestion!
@nirbhaysinghverynice5880 Жыл бұрын
really nice explanation to the point and explained every point thanks alot
@Ram-yk7yl3 жыл бұрын
This worked like a charm. Exactly what I was looking for..., Confused with various online material, but this was most clear of all of them...
@DotNetCoreCentral3 жыл бұрын
@Ra m, thanks for watching the video, and glad this video helped you!
@STUPIDYOUTUBE_HIDINGMSGS2 жыл бұрын
your tutorial is amazing, the IT community needs more people like you! however, MICROSOFT SUCKS for implementing a million different classes and ways to implement authentication /authorization classes then those classes get deprecated and then the developer will be scrambling for answers to solutions that new core version/framework is trying to introduce! For MS, there is no one universal, non-complex, non-confusing way to create a simple web API with basic authentication, it's like each authentication scheme is created by one developer that is trying to out-do the other developer within their team that has implemented a recent class/code! I hope, I really, really hope, that MS should one day be overtaken by another company or that incoming new developers will instead switch to open source and other tech stacks for web api-related stuff! I will be the first to rejoice if MS will file for bankrupcy one day, or get bought by Apple!
@RahulKumar-tf3cx2 жыл бұрын
Thank you Nirjhar. Great explanation.I have implemented with your example
@DotNetCoreCentral2 жыл бұрын
@Rahul Sharma, thanks for watching!
@kiranbs50573 жыл бұрын
Nice video , But I feel it would have been been great for beginners like me , if you had spent some time explaining the usage of each line while configuring authentication in startup and controller class files .
@DotNetCoreCentral3 жыл бұрын
@Kiran BS, thanks for watching, and thanks for your valuable feedback, I will surely keep this in mind.
@funnytoddler3752 жыл бұрын
Nice explanation 👌
@DotNetCoreCentral2 жыл бұрын
@Funny Toddler, thanks!
@vigneashselvaraj3592 Жыл бұрын
Excellent content.. very straight forward
@DotNetCoreCentral Жыл бұрын
Thanks!
@ghkpr3 жыл бұрын
Great tutorial, easy to follow and understand. Thanks a lot!
@DotNetCoreCentral3 жыл бұрын
@gh057k33p3r, thanks for watching the video!
@davidemmanuel30013 жыл бұрын
God bless you my friend for this video
@DotNetCoreCentral3 жыл бұрын
@DAVID EMMANUEL, thanks for watching!
@pedromoura87314 жыл бұрын
Hi, thanks for the tutorial! You keep the content simple and easy wich is great, but for future improvement you could add a real front end, just a login page, 1 or 2 authorized pages and a logout. this way we could see the complete workflow of the jwt and how is stored in page transitions.
@DotNetCoreCentral4 жыл бұрын
Pedro Moura thanks for the suggestions. I’ll definitely work on that. Thanks again for watching the video.
@marrelicious67312 жыл бұрын
@@DotNetCoreCentral Did you ever make this video?
@lengoctuan52172 жыл бұрын
@@DotNetCoreCentral Did you ever make this video?
@DotNetCoreCentral2 жыл бұрын
@@lengoctuan5217 no, I never got to it.
@lengoctuan52172 жыл бұрын
@@DotNetCoreCentral Thanks brother for the reply. Your video is very helpful.
@mmsky3 жыл бұрын
Thank you so much for taking the time to make this video and share your knowledge! Excellent. Subscribed :)
@DotNetCoreCentral3 жыл бұрын
@Monica S, thanks for watching!
@PraveenKumar-ft2kr3 жыл бұрын
Excellent video brother.. I have been looking for this.. Thank you so much 🙏🙌👏👏
@DotNetCoreCentral3 жыл бұрын
@Praveen Kumar, thanks for watching!
@eryogeshtripathi88883 жыл бұрын
Nice and simple video
@DotNetCoreCentral3 жыл бұрын
@Yogesh Tripathi, thanks for watching!
@nileshmore18202 жыл бұрын
Very good explanation. thank you .
@vinayakkatti40283 жыл бұрын
Very useful information. Thank you sir...
@DotNetCoreCentral3 жыл бұрын
@Vinayak Katti, thanks for watching!
@SoftwareMahima20242 жыл бұрын
Very good video
@DotNetCoreCentral2 жыл бұрын
@Raj Raj, thanks for watching!
@aditisen202 жыл бұрын
very well explained
@DotNetCoreCentral2 жыл бұрын
Thanks!
@brettgregory36222 жыл бұрын
Amazing video thank you! So clear and concise!
@DotNetCoreCentral2 жыл бұрын
@Brett Gregory, thanks for watching!
@ashutoshmishra21703 жыл бұрын
i am big fan of your videos .
@DotNetCoreCentral3 жыл бұрын
@Ashutosh Mishra, thanks for watching!
@alibux3 жыл бұрын
Thank you for this very helpful video and sharing your knowledge! Subscribed!
@DotNetCoreCentral3 жыл бұрын
@Rehan Alibux, thanks for watching the video and subscribing to my channel!
@rdoskoch2 жыл бұрын
So satisfying keyboard typing.))))
@DotNetCoreCentral2 жыл бұрын
@Roman Doskoch, thanks!
@evaapperson17602 жыл бұрын
Very quality content. It very helped me to understand this important theme !:)
@DotNetCoreCentral2 жыл бұрын
@Eva Apperson, thanks for watching!
@jashsudip3 жыл бұрын
really helpful to understand the jwt authentication. please make a video on refresh token also
@DotNetCoreCentral3 жыл бұрын
@Sudip Jash, thanks for watching. I already have a video on refresh token on my channel.
@iyashasgowda3 жыл бұрын
A heartly thanks to you for teaching the tokenization in simple way.
@DotNetCoreCentral3 жыл бұрын
@Yashas Gowda, thanks for watching!
@amjster2 жыл бұрын
Excellent video, I have shared with my whole team to watch. Thank you. One question, at 15:56 you add the JwtTokenAuthenticationManager to services with the key, but what if you wanted to pass in the DbContext and also maybe the ILogger so the JwtTokenAuthenticationManager can confirm the credentials against the Db. How do you configure the services for the JwtTokenAuthenticationManager in startup to inject those into the class?
@inmywaythings2 жыл бұрын
Simple and clear example, thank you 👍
@DotNetCoreCentral2 жыл бұрын
Thanks for watching!
@SohailKhan19813 жыл бұрын
Very well explained. Thanks for your effort.
@DotNetCoreCentral3 жыл бұрын
@Sohail Sarwar, thanks for watching!
@pritamdeokule2 жыл бұрын
Thanks You. Great... very neat and clean explanation given by you.
@DotNetCoreCentral2 жыл бұрын
@Pritam Deokule, thanks for watching!
@shsikzuhair43932 жыл бұрын
Thanks....good explanation
@DotNetCoreCentral2 жыл бұрын
@Shsik zuhair, thanks!
@jvvable3 жыл бұрын
Thanks for your video, a Very Good explanation. I have a suggestion. if you can list out all the dependencies that will be great.
@DotNetCoreCentral3 жыл бұрын
@jvv (vvj), thanks for watching and the suggestion!
@Imran-mr6fv3 жыл бұрын
Excellent... keep up the good work
@DotNetCoreCentral3 жыл бұрын
@Abc Xyz, thanks for watching!
@Whisper_Jonas2 жыл бұрын
Thank you for all of your tutorial
@DotNetCoreCentral2 жыл бұрын
@Monsieur Bobel, thanks for watching!
@stephenviswaraj74633 жыл бұрын
Excellent Show, thanks much.
@DotNetCoreCentral3 жыл бұрын
@Stephen Viswaraj, thanks for watching!
@codewithsakti81977 ай бұрын
Thanks . Perfect video
@DotNetCoreCentral6 ай бұрын
You're welcome!
@kadavilk3 жыл бұрын
Great video brother. If you could explain why we are using each commend and its benefits would have been really helpful.
@DotNetCoreCentral3 жыл бұрын
@Kishor Kadavil, thanks for watching and great feedback, I will work on this.
@hindachokri54633 жыл бұрын
Thank you for this helpful video. Keep doing the good work.
@DotNetCoreCentral3 жыл бұрын
@Hinda Chokri, thanks for watching and taking the time to provide a comment!
@knightmarerip7113 жыл бұрын
Excellent work explaining this!
@DotNetCoreCentral3 жыл бұрын
@Knightmare RIP, thanks for watching!
@Uzair_Anwar22992 жыл бұрын
Hi. Good video. But what is the purpose of audience nd issuerence?
@AjithChanaka3 жыл бұрын
Thank you for making it easy understanding.
@DotNetCoreCentral3 жыл бұрын
@Ajith Chanaka, thanks for watching!
@sps0143 жыл бұрын
Great video, nicely explained
@DotNetCoreCentral3 жыл бұрын
@Shivendra P. Singh, thanks for watching!
@cheequsharma7391 Жыл бұрын
Thanks a lot for such content. I respect and really admire your huge efforts, for such incredible content. God bless mate.
@DotNetCoreCentral Жыл бұрын
Thanks a ton
@priyanshu40163 жыл бұрын
Great video, i request you to explain the token validation parameter , and token descriptor class properties significance and what situation what value we should set may help great if you do some short video on that portion
@DotNetCoreCentral3 жыл бұрын
@Web Samurai, thanks for watching, I will try to do a video for that.
@georgetuccio60532 жыл бұрын
Very nicely done. Thank you.
@nafeeskhan82493 жыл бұрын
Can you please provide the second part of this tutorial. It is very nice video. Awesome.
@DotNetCoreCentral3 жыл бұрын
@Nafees Khan, thanks for watching! What are you expecting in the second part?
@sri38842 жыл бұрын
Great content 👏👏 , Thank you
@juliangzr49983 жыл бұрын
Thank you very much! very well explained
@DotNetCoreCentral3 жыл бұрын
@Julian GZR , thanks for watching!
@bhanushkaekanayake99883 жыл бұрын
This is really good. Thanks..
@DotNetCoreCentral3 жыл бұрын
@Bhanushka Ekanayake, thanks for watching!
@sanderconstantin20162 жыл бұрын
Great video. Truly helped me out!
@gautamsaraswat15414 жыл бұрын
Great video. Keep doing the good work
@DotNetCoreCentral4 жыл бұрын
Gautam Saraswat thanks for watching!
@NadirFirfire2 жыл бұрын
v good video really helped me
@DotNetCoreCentral2 жыл бұрын
Thanks!
@sachindeshmukh55323 жыл бұрын
Thank you so much for this video! it's really helpful..
@DotNetCoreCentral3 жыл бұрын
@sachin deshmukh, thanks for watching!
@usmansiddiqui1854 Жыл бұрын
Guys I am confused here that the implementation of JWT here is working on O Auth 2.0 mechanism or not?
@rahulmathew87133 жыл бұрын
Awesome keep up the good work
@DotNetCoreCentral3 жыл бұрын
@Rahul Mathew, thanks for watching!
@bergurmg2 жыл бұрын
thank you very much
@DotNetCoreCentral2 жыл бұрын
@bergurmg, thanks for watching!
@habeebafvan51922 жыл бұрын
Awesome !!
@DotNetCoreCentral2 жыл бұрын
@habeeb afvan, thanks!
@neilvermeulen52832 жыл бұрын
Nice!
@hhcruz19992 жыл бұрын
I am able to generate the token. I am also getting the data without authorisation. But when I give the Authorize for the get method I get unauthorised. Could you please help me solve this issue.
@ZnSstr3 жыл бұрын
Very cool man but how the heck I explain all those classes in an interview lmao, this is like +4 h to learn how to talk about these things.
@STUPIDYOUTUBE_HIDINGMSGS3 жыл бұрын
yeah, tha's the problem, right? we can't explain those complicated classes and a simple missed class then the authentication won't work!
@ZnSstr3 жыл бұрын
@@STUPIDKZbin_HIDINGMSGS problem is they ask for example how would you implement "JwtSecurityTokenHandler" and if you are a junior, unexperienced you can't give a straight asnwer, so the solution is to research about all those classes used and have an idea how they are implemented because in interviews they need one reason to not hire you.
@STUPIDYOUTUBE_HIDINGMSGS3 жыл бұрын
@@ZnSstr This implementation and those classes are hard, even for mid-level and senior, unless they've memorized it or have coded that same code a few hundred times over and over. But who will remember those stuff now that everything changes and there's no one fixed implementation of JWT security? I think I've watched like 10 JWT security videos here in YT and every one of them is coded differently so it's very hard to remember which one works on certain implementation! I missed the times when there's not much security on web services and there's no REST or Web Api and WCF, just plain ASMX services.
@marcotaliente47853 жыл бұрын
Thank you man, that is what i sought for
@DotNetCoreCentral3 жыл бұрын
@Marco Taliente, thanks for watching, and glad this video helped you!
@jspalding704 жыл бұрын
Thank you for the knowledge you shared. What are the headers that I should be using with Postman?
@DotNetCoreCentral4 жыл бұрын
In header you have to put “bearer token”
@majichayan4 жыл бұрын
Thank you for your well explained video. If possible, could you please make another video to show, secure an api with azure active directory and consume it from AAD secured react app.
@DotNetCoreCentral4 жыл бұрын
majichayan I’ll definitely try. Thanks for the suggestion and thanks for watching.
@vigneashselvaraj3592 Жыл бұрын
In this JWT is authorized when sent as header in the request. May I know how can the access token be validate as part of query string ?
@DotNetCoreCentral Жыл бұрын
its a good practice to send token as part of header, but nothing stops you from sending token in query string, there are use cases like websocket where you might need to pass it in query string
@ch19952 жыл бұрын
May I know the use of having the AuthenticationManager interface instead of just having a solid Class? thanks
@ajbotha72323 жыл бұрын
Thank you this is an awesome video
@DotNetCoreCentral3 жыл бұрын
@Aj Botha, thanks for watching!
@mrjamiebowman3 жыл бұрын
This is great and I was able to replicate this. However, I'm wondering.. where do refresh tokens come into play?
@DotNetCoreCentral3 жыл бұрын
@Jamie Bowman, refresh token comes to play when as an app you want to extend the token lifetime of the user without asking the user to enter id/pwd again for a new token after the initial token expired. The classic example will be a mobile application.
@deepjyotyroy66763 жыл бұрын
Thanks for the Awesome Video. But I have a question. If I need to create a Custom Unathorized return message from any POST or GET api, what should I do ?
@DotNetCoreCentral3 жыл бұрын
@Deepjyoty Roy, thanks for watching! In your scenario, you can remove the Authorize attribute and inside of each method check for User.Identity.IsAuthenticated, and based on that throw Unauthorised with you custom messages per method.
@BhautikDalicha2 жыл бұрын
How we can achieve same thing in MVC and pass token after authentication?
@prvs82 жыл бұрын
thank you.
@hdjfgt3 жыл бұрын
Thanks, great video
@DotNetCoreCentral3 жыл бұрын
@hdjfgt, thanks for watching!
@user-bi5vo2bo9f3 жыл бұрын
great
@DotNetCoreCentral3 жыл бұрын
thanks!
@girijesh-mca4 жыл бұрын
Very nice explanation !!! Just one query I have in simple asp.net api we used Owin and OAuth to generate and validate token but I dint see OAuth implementation in Core is there any reason ?
@DotNetCoreCentral4 жыл бұрын
OAuth can be implemented by a middleware. I do not see any reason why it cannot be. I will give it a try. I did not have the need yet, hence I did not try it yet. I will post my video after I try it out. Thanks for the question.
@girijesh-mca4 жыл бұрын
@@DotNetCoreCentral Thank you so much.
@mariankurtov70033 жыл бұрын
Really helpful !
@DotNetCoreCentral3 жыл бұрын
@Marian Kurtov, thank you for watching!
@johnmagnetron37373 жыл бұрын
Thank You!
@DotNetCoreCentral3 жыл бұрын
@John Magnetron, thanks for watching!
@Engineer_With_A_Life3 жыл бұрын
this is awesome.. thanks a lot!
@DotNetCoreCentral3 жыл бұрын
@ayush singh, thanks for watching!
@RameshKumar-so8lp3 жыл бұрын
how to validate bearer token - if you put post man bearer token its allow to hit the method i want to how to validate bearer token and the method
@DotNetCoreCentral3 жыл бұрын
@Ramesh Kumar, in the controller you will need to do this: if (!User.Identity.IsAuthenticated) return Unauthorized(); Rest will be taken care of by the middleware.
@alihaydar30213 жыл бұрын
Good job 👍 .. what about refresh token?
@DotNetCoreCentral3 жыл бұрын
@ Ali Haydar, thanks for watching! kzbin.info/www/bejne/bXuzaIlrbr1kqc0
@varmasanjaym4 жыл бұрын
Hi, I see that the AuthenticationHandler class comes under two namespaces. - Microsoft.AspNetCore.Authentication - Microsoft.Owin.Security.Infrastructure could you please explain what factors decide the namespace I need to use.
@DotNetCoreCentral4 жыл бұрын
@sanjay varma, Microsoft.Owin.Security.Infrastructure is the legacy namespace. If you are using ASP.Net Core 3.1 you should be using Microsoft.AspNetCore.Authentication .
@namburinaveen54923 жыл бұрын
Hi bro can you make a video on how to renew the expired token when user is in actively using webapi and web application
@DotNetCoreCentral3 жыл бұрын
@namburi naveen, thanks for watching. I can do that.
@jeremyolu27872 жыл бұрын
how would i get user data from token such as username ?
@SaravanaKumar-bt5xn4 жыл бұрын
Thanks for the tutorial. You are explaining the concepts very well. Could you please give some suggestions on this? What are the ways to store a JWT token securely on client side. We can use cookies or local storage. But, however someone/ anonymous will able to see the token by using some debugging tools and they can mock the same request and use it in outside of the application. How we can avoid it? Thanks.
@DotNetCoreCentral4 жыл бұрын
Saravana Kumar I’m afraid there is not many choices for storing token securely on client side. Your best bet is local storage. But in terms of avoiding security threats keep your token expiry shorter. So that even if it’s stolen it cannot be used for a longer period.
@SaravanaKumar-bt5xn4 жыл бұрын
@@DotNetCoreCentral Thank you so much for replying me. Will we use refresh token to overcome this issue?
@DotNetCoreCentral4 жыл бұрын
@@SaravanaKumar-bt5xn yes, that's usually better.
@chandusubhakarareddysatti35693 жыл бұрын
Hi Thaks for the video, I have a couple of questions . can you please clarify this? 1. I got a token from the server. I just passed it to someone to use this token. he could able to access the API with the token until it expires. How can we restrict this? 2. I got a token from the server with an expiry time of 15 min. before 15 min I hit token controller and got another token with an expiry time of 15 min. Now I have two tokens with valid time. will the two tokens work? or only the latest one? if so how can we validate?
@DotNetCoreCentral3 жыл бұрын
@Chandu Subhakara Reddy Satti 1. If you pass the token to someone else purposefully, there is nothing that can be done here right. Until the token expires that person will have access to your API unless you keep all tokens in storage and check against that, in which case you can flag the token. 2. It depends if you are keeping the tokens in storage, in that case, you can have an implementation of invalidating older tokens when you send out new tokens. Otherwise, both will be valid.
@shubhamshaw23603 жыл бұрын
Hi, why did you uncheck the "Configure for HTTPS" and check "Docker enabled" option while creating the project? It'll be really helpful info if you tell us.
@DotNetCoreCentral2 жыл бұрын
@Shubham Shaw, there is no particular reason. You can keep both enabled.
@johnnybravo8932 Жыл бұрын
If you configure https you will need SSL certificate. While running in localhost you can do with http.
@xinyuhou65352 жыл бұрын
Hi thank you for posting this video. I find it very helpful. I have one question regarding the authentication step though. After receiving the token with a valid username + password combination and entering it as Authorization : Bearer[whitespace]token, the Get step still throws a 401 error. Any idea of what may cause this? Thanks!
@denespapp19632 жыл бұрын
you can raise the logging level in the config and you can see the exact issue resulting in 401
@tertulianeo3 жыл бұрын
My Authorization header is missing IDK why but I don't have problems with other headers, is there a way to change the header name?
@DotNetCoreCentral3 жыл бұрын
@tertulianeo, how are you passing the header? can you share the code?
@tertulianeo3 жыл бұрын
@@DotNetCoreCentral ty, it was a problem with my cloud front
@DotNetCoreCentral3 жыл бұрын
@@tertulianeo great to hear your issue is resolved!
@shashivishw8033 жыл бұрын
im getting 404 not found in get when im trying to get values1 and values 2
@DotNetCoreCentral3 жыл бұрын
@shashi vishw, if you can share your code in GitHub I can take a look, thanks.
@furkand2753 жыл бұрын
why do we need to "var tokenKey = Encoding.ASCII.GetBytes(key); "
@DotNetCoreCentral3 жыл бұрын
@Furkan D, thanks for watching! We need to pass byte array for the key, hence we need to get bytes from the string.
@finishthecarrot44933 жыл бұрын
Thanks man.
@DotNetCoreCentral3 жыл бұрын
@Finish The Carrot, thanks for watching the video!
@ravindranaths5134 жыл бұрын
Hi, At timeline of 10:23 in this video, I have two questions here. 1) Why you used SecurityTokenDescriptor (from Microsoft.IdentityModel.Tokens); why not JwtSecurityToken (from System.IdentityModel.Tokens.Jwt)? 2) What is the difference between Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor and System.IdentityModel.Tokens.Jwt.JwtSecurityToken classes? When to use which?.
@DotNetCoreCentral4 жыл бұрын
@Ravindranath S, JwtSecurityTokenHandler expects SecurityTokenDescriptor from Microsoft.IdentityModel.Tokens, hence. You can use JwtSecurityToken to create token, in that case, you will need to call WriteToken, instead of CreateToken on the JwtSecurityTokenHandler instance.
@iamsidthebest0073 жыл бұрын
Thanks for the video. I followed exactly like you said. The token expiry I set as : Expires = DateTime.UtcNow.AddMinutes(Convert.ToDouble("20")); So, as you see I have set 20 minutes. I submit Authenticate request -> I get access_token, thats great! Now, I submit other API request with this access_token as bearer, I get the response as expected. Now, after 20 minutes, I try hitting the same endpoint, I still get response, even though 20 minutes have passed already. What am I missing? Please help.
@DotNetCoreCentral3 жыл бұрын
@Sid N, thanks for watching. I will take a look and let you know.