Thank you! I'm glad you enjoyed the video. That's what I try to do in all of my videos. My goal is to always show things in the context of the real world. How they would be used, when to use them, what the best practices are, etc.

@@IAmTimCorey Absolutely correct.

Awesome! Congrats on the new job!

Thanks for sharing.

This helped me, thanks

@@daviddow5591 Ur welcome)

Thank you, this was driving me crazy.

Thanks, was stuck for a while on this one.

You are welcome.

Thank you! I'm glad you are enjoying the videos.

You are most welcome. Thanks for watching.

I am glad my content has been helpful.

I try. Thanks for watching.

I am glad you are getting so much value out of it.

You are most welcome. Thanks for watching.

Make sure to like this so that it will become a top comment. I have spent hours and hours trying to figure this issue out. When I posted a comment about it, it was deleted, because of this comment I guess. So if we make this a top comment it will show up out of 600+. Thank you.

Thank you!

Thanks!

Awesome!

Glad you enjoyed it

Yes, it does add functionality. It just takes longer on video to display.

You're very welcome!

Thank you!

You are welcome.

I am glad it was helpful.

Thanks! Will do!

@@IAmTimCorey Good

Awesome!

Correct. Thanks for sharing.

Thanks for your help.

Thank you!

I was also wondering about this. My assumption was probably because it's buried deep within metadata somewhere. Meaning, it's baked into C# where as what we're seeing is an application similar to what we'd build on top of it. To prove my assumption, I began my F12 (Go to definition) journey. Here's the path if anyone's interested: Startup.Auth.cs line 39 ApplicationOAuthProvider line 53 OAuthTokenEndpointContext line 12 OAuthAuthorizationServerOptions line 33 comment has "/Token" in the summary. How this all works is waaay beyond my skill level. Everything else we see when we click on API is under Areas => HelpPage => Views => Help. I probably made like 1% dent to your question and my ever growing curiosity but, progress is progress :) Hope it did help though.

You're very welcome!

I don't have a video on that yet (not specifically). That sounds like a good suggestion. I'll add it to the list.

lol, I'm glad. Any time I can make a person laugh when we are writing API code, I call it a win.

Excellent! Yep, I get that there are some things that you don't really want to do normally but having a well-rounded education is key in the job market.

You are welcome.

Thanks. I'll add Postman to the suggestion list. That probably deserves a video of its own, although we will also use it more in this series, I'm sure.

Good suggestion. I'll see what I can do.

Thank you!

Thank you!

thank you!

Yep, thanks for sharing.

Thanks!

Thank you!

Crazy how much this stuff changes in the span of several months.... just another thing you've got learn to roll with I guess.

Yep.

Thanks!

Thanks!

We start with .NET Framework, then upgrade to .NET Core 3.1, and then upgrade to .NET 5. Doing it this way will give you experience with the upgrade process, not just in the final version.

@@IAmTimCorey Thanks a ton. You are amazing!

Thank you!

Thank you!

Thank you!

You are welcome. I'm glad it helped.

I'm glad.

Thanks for trusting Tim to help you thru that.

We change that later. It should be POST. Good catch.

You can do this. Just take it one step at a time. You may also want to consider this video - kzbin.info/www/bejne/mGWqq5WQnc94Z6M

Thanks for clarifying.

Great!

Thanks for the suggestion. Please add it to the list on the suggestion site so others can vote on it as well: suggestions.iamtimcorey.com/

@@IAmTimCorey SUre !

It will be. We have to build it first.

Excellent!

Yes, but it is clearer to look at the method signature and tell what it is returning if you specify the actual type. Also, I could replace that OK statement with my own that doesn't have the type and still return it.

Awesome!

I am glad you are enjoying it.

You're very welcome!

Excellent!

The token is encoded, not encrypted. That means that the API can decode the token and see the various parts. One of those parts is an encrypted version of the secret key that was used. The API compares that secret key to what it has for a secret key. If the two match, it trusts the token.

@@IAmTimCorey Thank you 🙂

I also am confused by where the token lives. Is it in the database somewhere?

In the .NET Framework, the two are tightly tied together. In .NET Core, which we will upgrade this to in this series, we can more easily separate out API from MVC. They both run off the same base, but we don't need to bring in the MVC parts if we don't want them.

@@IAmTimCorey Thank you for the quick reply! Keep it up :)

You are welcome.

@@IAmTimCorey Hi, thanks for responding. I feel I ought to give you an update. I have learned a load of info along the way. I have set up the models and scaffold-ed controller / views. I am kind of stuck from there (first experience with the whole dot net and web-dev in general). But it's been pretty fun and asp dot net core is well structured, Microsoft docs are helpful and 1 day is not enough in any case. Thank you again.

The only SQL connection we have right now is the authentication connection, which does get created as part of the template. We will set up our own SQL connection soon with Dapper. So we will have two databases, one using Entity Framework for authentication (that we don't really manipulate or change) and one that we connect to via Dapper for our application data.

I will add it to the list. Thanks for the suggestion.

2019

I'm more of a 1.5x or 2x. I'm glad you found the speed that works for you.

@@IAmTimCorey You are a Star!

Thanks a lot

You are welcome.

Yep, that is correct. Thanks for pointing it out.

Could you let me know how to set the postman to ignore the https?

Thanks. this is very wonderful

I will add it to the list. Thanks for the suggestion.

You are welcome.

I like to keep the auto-generated database separate from the database I create. It keeps a clear separation. Also, keeping the identity information separate from the rest of the data allows me to secure the database differently and back it up differently.

You are most welcome. Thanks for watching.

We appreciate the suggestion and I have added it to Tim's list.

Glad you liked it!

Yes it is. The source code is no longer on Patreon, but you can get it by following along or you can purchase the entire course ( www.iamtimcorey.com/p/timco-app-series ). The reason why we used the technologies that we did was to simulate the real world. In the real world, you will find a LOT of organizations that are still using the .NET Framework. So, I intentionally started there. Once we built a simulation of a full application, we upgraded the application to .NET Core 3.1. Then, after adding CI/CD and more, we upgraded again to .NET 5. The purpose of this application was to show how older systems were built and to give you experience upgrading them to modern versions. The code you will use even in older systems is still relevant to modern development, so even that is good training both on older systems and newer ones.

@@IAmTimCorey thanks . I'll start this course by using dot net framework.

if you find any helpful video share it please,I am facing the same requirement as yours

Thanks a lot Connor. I would be stuck at this step for a long time if ur comment was not here.

My problem was that the webapi was running http on a separate port number, to find out what port number your http connection is running on 1. click on your project in the Solution Explorer 'TRMDataManager'. 2. Press 'F4'. 3. The properties window will open and you can see the http end point under 'URL'.

@@MuCkLetOol This here saved me from bashing my head against a wall. Thank you stranger.

@@MuCkLetOol thank you for that.

I will add it to the list. Thanks for the suggestion.

Glad you enjoyed it.

A 509 certificate basically creates an identity with the server. It says that you are who you say you are, kind of like a password but in some ways better. They are a pain, though, since each client needs to set one up with the server. I don't often see them used. However, this might help you out: stackoverflow.com/questions/35582396/how-to-use-a-client-certificate-to-authenticate-and-authorize-in-a-web-api

I came across it when connecting to an api that provides details of healthcare professionals and institutions. It is only open to those who have a valid reason to lookup those details. They first need to get certified. The idea stuck in my mind though, that it may be a secure way to design an application and/or app for 1 organization that works with sensitive private data (e.g medical files) and only software clients who have a certain certificate and token can use that api. Are there perhaps better ways to achieve a very high level of security?

Two factor authentication is a good solution. It allows you to verify that the correct person is the one using the credentials. Usually it involves a hardware key or secondary device (like texting a phone, although that isn't terribly secure).

Thanks!

You are welcome.

I will add it to the list. Thanks for the suggestion.

Ah, yeah, they can cause issues.

I mean, that's one way to learn to read the error messages.

That's great!

APIs don't do well with data streams if you are expecting the stream to continue over time. In that case, look at gRPC instead. It handles long-running streams well.

Thanks!

You are welcome.

I don't use UML. I haven't seen it used in a company since college. It may be that its usage depends on where in the world you are located. Personally, I have not found full UML valuable. However, I do draw out designs and databases. I'll probably do that for this project, although I'm planning on doing smaller-scale planning at each step instead of trying to plan out the entire application all at once (agile vs. waterfall).

Im doing the same thing, know nothing about web API, just C# basics. How are you doing after two weeks?

@@vitorvs @jecyn how are you guys doing so far?

I answered you on your other post.

The database was created the first time I asked for data or tried to insert data. It was created by Entity Framework auto-magically. The OAuth code used for authentication and authorization is written to use that database directly.

@@IAmTimCorey thanks Tim... Will try this during the weekend today...

Yes, you can. However, then you are going to run into potential issues in that the authentication database is automatically created with Entity Framework. If you try to modify it, you will have two different systems that both have control over making changes to the database. That's not ideal. That's just one of the reasons why I prefer to keep them separated.

@@IAmTimCorey ok thx I will try to explain to our server admin, that you said its not a good idea :)

It is the Microsoft-provided authentication system, but it is local. So, no, I'm not rolling my own (that would be bad), but I am using local authentication instead of a service. A service is a great option, but there are enough out there that you get a lot of fragmentation (and possible expenses). For instance, if you want users with permission levels, you could use Azure Active Directory (if you are using Azure and not AWS or another cloud provider), but then if you wanted to allow users to register, you would need to add Azure Active Directory B2C.

It is an option in Postman that actually puts the values in as query parameters.

Not in .NET Framework, at least not directly. In .NET Core, we can add it later. What you can do, though, is create a new project with authentication and then copy over all of the pieces of authentication to the existing API.