ASP.NET Core JWT Authentication and role-based authorization

Рет қаралды 14,970

Күн бұрын

💻Get the source code: go.dotnetacade...
A solid REST API should make sure that its resources are protected so that only authorized users and clients can get access to them. And thanks to the latest innovations in ASP.NET Core, protecting your Web API could not be easier.
Here I'll show you how to protect your ASP.NET Core Web API in just a few steps.
Topics covered:
00:28 Understanding Token-Based Authentication
01:56 Creating a simple minimal API
08:13 Using JWT authentication and requiring authorization
13:02 Generating tokens with dotnet user-jwts
14:50 Understanding Json Web Tokens (JWT)
21:42 Implementing role based authorization
24:43 Extracting user information via ClaimsPrincipal
33:03 Evaluating user claims
🔥Become a Senior C# Backend Engineer: juliocasal.com...
🗺️Get My Free .NET Backend Developer Roadmap: juliocasal.com...
Join me on Patreon: / juliocasal
Follow me on LinkedIn: / juliocasal
Follow me on X: x.com/julioc
#dotnet #aspnetcore #aspnet

Пікірлер: 28

@damianjankov3343 Ай бұрын

Finally a video where I understood the concept! Thanks

@juliocasal Ай бұрын

Glad it helped!

@vinaysoni4363 Жыл бұрын

This is the amazing explanation regarding Api authentication and authorisation process along with real action demonstration. I really appreciate your efforts to make this concept easy to understand and digest. ❤️

@juliocasal Жыл бұрын

Glad it was helpful, Vinay!

@Kibinas 11 ай бұрын

Great tutorial, I appreciate simplicity and you deliver quality content without any cumbersome code

@juliocasal 11 ай бұрын

Glad you like it!

@praveenverma7470 2 ай бұрын

Great tutorial, learned a new way to test the API without switching to postman, swagger or using curl. 🙂

@juliocasal 2 ай бұрын

Great to hear!

@rohitnaiksawal6925 3 ай бұрын

You are simply Awesome Julio! Thank you for your efforts....

@juliocasal 3 ай бұрын

My pleasure!

@EldonElledge Жыл бұрын

This was very well done and great content. I would like to call out that, it is best practice to use a Reference Token for communicating from the UI to an API, in place of a jwt token. Jwt tokens are still a valid choice to use between services.

@juliocasal Жыл бұрын

Great tip Eldon!

@abdurrehman-bx1yo 9 ай бұрын

Thanks, very much helpful 👌

@juliocasal 9 ай бұрын

Glad it helped!

@messenja2547 Жыл бұрын

Love ur explanation Julio, thanks for sharing

@juliocasal Жыл бұрын

My pleasure!

@testtest-c4z Жыл бұрын

What is the difference between Claim and Signature? what does each one reference?

@juliocasal Жыл бұрын

Claims are the pieces of information being asserted about a subject (the user, typically). The signature is used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.

@abdurrehman-bx1yo 7 ай бұрын

Hi, I Have a question. If we do not want to call RequireAuthorization on a endpoint (I just want the user to be authenticated for a specific endpoint and no other things needed like role etc.), it's not even validating the token. I mean, if token is not there it still returns result. What is happening here, could you please explain.

@juliocasal 7 ай бұрын

Without the RequireAuthorization call you basically have an anonymous endpoint. Call RequireAuthorization with no parameters instead.

@sidisidahmed755 Жыл бұрын

Thank you

@flash7919 2 ай бұрын

Thank you for this great tutorial How I can generate a code and make register page and login

@juliocasal 2 ай бұрын

dotnet new blazor -au Individual

@flash7919 2 ай бұрын

@@juliocasal I wanna make a webapi and for front-end I wanna use reactjs how I can make this mix

@awaisshabir9169 Жыл бұрын

Great content

@juliocasal Жыл бұрын

Glad you think so!

@geraldsonperez6287 Жыл бұрын

How would I generate token for the users of my API with this package?

@juliocasal Жыл бұрын

Geraldson, generating tokens for real users involves introducing an identity provider, either built by yourself or already built for you. I cover that in my .NET microservices program, here: dotnetmicroservices.com/building-microservices-with-dotnet