Great video, I feel authentication is the Achilles Heel for a lot of developers, SPAs are great but should not be looking after access/identity tokens as it's just not secure.
@jamesterstudio4812 8 months ago
Hey, great video, did you create a GitHub for this coding tutorial?
@fieryscorpion 2 months ago
Could you please make a video of a setup that's like damienbod's *bff-aspnetcore-angular* Git repo?
@RawCoding 2 months ago
that's what this video is no? what is missing?
@fieryscorpion 2 months ago
@RawCoding I'm sorry but this is quite confusing and after completing the video, I'm completely lost. Which project is the B in BFF here? Backend or BackendAuth? Some diagrams or illustrations would have been massively helpful.
@user-pq9yh 1 year ago
If I understood correctly, this pattern means that even if an SPA can authenticate directly by calling the OAuth endpoint, for example when using Auth0, the best practice is to do this only through the backend, or is it something else?
@RawCoding 1 year ago
if you have a SPA and you need to call youtube or facebook, you need a token. BACKEND for FRONTEND stores tokens on the backend and makes correct requests to appropriate api
@tombalabomba3084 9 months ago
How do you redirect to youtube from your view frontend? Does the connect-youtube endpoint send back a redirect url with oidc params?
@jamesterstudio4812 8 months ago
Do you have an example where we are using google for authentication?
@mibli2935 1 year ago
Please consider making a video on how to merge this tutorial with Blazor Webassembly Hosted App. Thanks!
@xardasu3646 6 months ago
Dotwatch? Where can I get the CLI?
@TheAzerue 1 year ago
Do you think using a distributed cache in the DB is a good way to store the token against the cookie?
@TheAzerue 1 year ago
Hi, very good video. Three questions. In a monolith app with no external authentication, just authentication on the same server: Q1. Is storing a token in local storage a bad practice from a security point of view, even if we are doing an API call to the same server and not to some external server like YouTube or Facebook? Q2. If we are hitting APIs only on our server, is authenticating a user with username and password flawed? I mean, is OpenID Connect still a best practice or is it overkill? Q3. With BFF, when using a refresh token to get an access token, is middleware a best place to implement this? What I understand from your BFF video is that the token is stored at the backend and the frontend has only a small cookie that could contain a user ID. And then each time an API is called, we grab the token against that user ID, populate the ClaimsPrincipal and complete an API, either external or on the same server. Thank you again. I'm learning a lot from you, Sensei :).
@RawCoding 1 year ago
1. I don’t understand why you’d want a token, but yes, token in localstorage is not secure storage. 2. If it’s same domain, username and password is preferred. 3. Watch my refresh token video.
@TheAzerue 1 year ago
@RawCoding Would you agree that using BFF even for the same domain is safer than storing the token in local storage?
@RawCoding 1 year ago
Same domain use cookie
@TheAzerue 1 year ago
@RawCoding For a hybrid application (mobile and say Angular), does using a cookie still make sense? I mean a token like JWT is cross-platform. Although I do agree cookies are more secure on web.
@RawCoding 1 year ago
Yes you can still use cookies for them.
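The flow discussed in the question and replies above (tokens held on the backend, only a cookie in the browser), as an added example that is not from the video or its repository. It assumes an ASP.NET Core minimal API project with implicit usings; the endpoint paths, `TokenStore`, the `sid` claim, the upstream URL and the token value are hypothetical placeholders.

```csharp
using System.Collections.Concurrent;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddSingleton<TokenStore>();
builder.Services.AddHttpClient();
builder.Services.AddAuthorization();
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o =>
    {
        o.Cookie.HttpOnly = true;                           // page script cannot read the cookie
        o.Cookie.SecurePolicy = CookieSecurePolicy.Always;  // sent over HTTPS only
        o.Cookie.SameSite = SameSiteMode.Strict;            // not attached to cross-site requests
        // An API should answer 401 rather than redirect a fetch() call to a login page.
        o.Events.OnRedirectToLogin = c => { c.Response.StatusCode = 401; return Task.CompletedTask; };
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical stand-in for the OAuth callback, where the real token would arrive.
app.MapPost("/demo/callback", async (HttpContext ctx, TokenStore store) =>
{
    var sid = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
    store.Tokens[sid] = "ACCESS_TOKEN_PLACEHOLDER";         // stays on the server
    var id = new ClaimsIdentity(new[] { new Claim("sid", sid) },
        CookieAuthenticationDefaults.AuthenticationScheme);
    await ctx.SignInAsync(new ClaimsPrincipal(id));         // browser receives only the cookie
    return Results.NoContent();
});

// The SPA calls this with its cookie; the backend attaches the token server-side.
app.MapGet("/api/profile", async (HttpContext ctx, TokenStore store, IHttpClientFactory http) =>
{
    var sid = ctx.User.FindFirst("sid")?.Value;
    if (sid is null || !store.Tokens.TryGetValue(sid, out var token))
        return Results.Unauthorized();                      // unknown or removed session
    var req = new HttpRequestMessage(HttpMethod.Get, "https://api.example.invalid/me");
    req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
    using var res = await http.CreateClient().SendAsync(req);
    return Results.Text(await res.Content.ReadAsStringAsync(), "application/json");
}).RequireAuthorization();

app.Run();

// In-memory for the demo; several instances would need a shared store.
class TokenStore { public ConcurrentDictionary<string, string> Tokens { get; } = new(); }
```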
@JamesterGo 8 months ago
I tried the fetch thing but it does not redirect to google
@aligeovany4645 1 year ago
Hi, please share a video for creating 'SSO' and do that just with pure C# code, I mean don't use Identity Server or etc. Teach this tech with pure code. Thanks
@RawCoding 1 year ago
Hi, check the playlist there’s a video how to do SSO using cookies
@TellaTrix 1 year ago
Yo yo, not everybody is like you, smart and intelligent. Too fast, bit bouncy over all your content. Thanks for sharing.
@nh--66 1 year ago
Awesome
@vadymwork3983 1 year ago
Hi Anton. Where are you from? )
@RawCoding 1 year ago
Hi, I'm from Latvia )
@antosha2224 1 year ago
@RawCoding Hi Anton. Thanks for the videos, by the way I'm also Anton :p