That's how a tutorial should look like! Straight to point with a working example. Love it! 😎🤩

Easy and great setup of how to add authorization to a web application. Well done!

Awsm Explanation, Easy to understand

Add my voice to the chorus. Insanely helpful and well-done video, thank you.

May I know the use of having the AuthenticationManager interface instead of just having a solid Class? thanks

Excellent video, I have shared with my whole team to watch. Thank you. One question, at 15:56 you add the JwtTokenAuthenticationManager to services with the key, but what if you wanted to pass in the DbContext and also maybe the ILogger so the JwtTokenAuthenticationManager can confirm the credentials against the Db. How do you configure the services for the JwtTokenAuthenticationManager in startup to inject those into the class?

Awsome way of teaching. And working with real scenario.

I am able to generate the token. I am also getting the data without authorisation. But when I give the Authorize for the get method I get unauthorised. Could you please help me solve this issue.

This is the most simple way of doing JWT , thanks so much

Dude!! Thx for the video! It really helped me out. Right know I'm just reading your blog to understand better the whole code.

In this JWT is authorized when sent as header in the request. May I know how can the access token be validate as part of query string ?

Guys I am confused here that the implementation of JWT here is working on O Auth 2.0 mechanism or not?

Excellent content.. very straight forward

This worked like a charm. Exactly what I was looking for..., Confused with various online material, but this was most clear of all of them...

How we can achieve same thing in MVC and pass token after authentication?

God bless you my friend for this video

really nice explanation to the point and explained every point thanks alot

Thank you Nirjhar. Great explanation.I have implemented with your example

Hi, why did you uncheck the "Configure for HTTPS" and check "Docker enabled" option while creating the project? It'll be really helpful info if you tell us.

My Authorization header is missing IDK why but I don't have problems with other headers, is there a way to change the header name?

Love the video. I urge you to create video on OAuth with JWT implementation. Complete details on OAuth.

Hi, I see that the AuthenticationHandler class comes under two namespaces. - Microsoft.AspNetCore.Authentication - Microsoft.Owin.Security.Infrastructure could you please explain what factors decide the namespace I need to use.

Very good explanation. thank you .

Hi, at timeline of 11:26 in this video, you added 1 hour as expiration. I tried with 1 min. But, after 2 min also, I could able to use same token and get the data. Means: token is not expired. Could you please help me on this.

Why wasn't I able to find this channel earlier 😭 🤣🤣 I've shared your content with all my colleagues 🙏

Hi Thaks for the video, I have a couple of questions . can you please clarify this? 1. I got a token from the server. I just passed it to someone to use this token. he could able to access the API with the token until it expires. How can we restrict this? 2. I got a token from the server with an expiry time of 15 min. before 15 min I hit token controller and got another token with an expiry time of 15 min. Now I have two tokens with valid time. will the two tokens work? or only the latest one? if so how can we validate?

Thanks for the Awesome Video. But I have a question. If I need to create a Custom Unathorized return message from any POST or GET api, what should I do ?

your tutorial is amazing, the IT community needs more people like you! however, MICROSOFT SUCKS for implementing a million different classes and ways to implement authentication /authorization classes then those classes get deprecated and then the developer will be scrambling for answers to solutions that new core version/framework is trying to introduce! For MS, there is no one universal, non-complex, non-confusing way to create a simple web API with basic authentication, it's like each authentication scheme is created by one developer that is trying to out-do the other developer within their team that has implemented a recent class/code! I hope, I really, really hope, that MS should one day be overtaken by another company or that incoming new developers will instead switch to open source and other tech stacks for web api-related stuff! I will be the first to rejoice if MS will file for bankrupcy one day, or get bought by Apple!

good help full, if you want to add more things then add authorization with multiple roles, multi-tenant application authentication.

Hi thank you for posting this video. I find it very helpful. I have one question regarding the authentication step though. After receiving the token with a valid username + password combination and entering it as Authorization : Bearer[whitespace]token, the Get step still throws a 401 error. Any idea of what may cause this? Thanks!

Very nice explanation !!! Just one query I have in simple asp.net api we used Owin and OAuth to generate and validate token but I dint see OAuth implementation in Core is there any reason ?

Nice explanation 👌

Excellent... keep up the good work

Hi , Have you used ever redis cache in identity server 4 to improve the preformation

Nice video , But I feel it would have been been great for beginners like me , if you had spent some time explaining the usage of each line while configuring authentication in startup and controller class files .

Please help me ,i am getting error from postman when i tried to access get after applying [authorize] error : similar to 403 forbidden, but specifically for use when authentication is possible but has falied or not yet provided.The response must inculde a www -authenticate header field conataining a challenge applicable to the requested resource

Very quality content. It very helped me to understand this important theme !:)

Very useful information. Thank you sir...

username and password passed as json to get Token via authenticate may capture in fiddler and other tools. How the security of data is ensured if web api need serve in internet ?

how to send the authentication header with each call. like what you did in postman?

Great tutorial, easy to follow and understand. Thanks a lot!

im getting 404 not found in get when im trying to get values1 and values 2

how to validate bearer token - if you put post man bearer token its allow to hit the method i want to how to validate bearer token and the method

why is making the IJwtAuthenticationManager necessary?

Thank you so much for taking the time to make this video and share your knowledge! Excellent. Subscribed :)

can this jwt auth method used to verify access on controller page not controller api?

Hi. Good video. But what is the purpose of audience nd issuerence?

Thanks You. Great... very neat and clean explanation given by you.

Thanks for the video. I followed exactly like you said. The token expiry I set as : Expires = DateTime.UtcNow.AddMinutes(Convert.ToDouble("20")); So, as you see I have set 20 minutes. I submit Authenticate request -> I get access_token, thats great! Now, I submit other API request with this access_token as bearer, I get the response as expected. Now, after 20 minutes, I try hitting the same endpoint, I still get response, even though 20 minutes have passed already. What am I missing? Please help.

why do we need to "var tokenKey = Encoding.ASCII.GetBytes(key); "

Thank you for the knowledge you shared. What are the headers that I should be using with Postman?

Excellent video brother.. I have been looking for this.. Thank you so much 🙏🙌👏👏

"The name 'Encoding' does not exist in the current context" how to deal with it?

i am big fan of your videos .

Very well explained. Thanks for your effort.

really helpful to understand the jwt authentication. please make a video on refresh token also

How about updating the token expiration when user tends to log out?. can you help me with that code?

Hi, thanks for the tutorial! You keep the content simple and easy wich is great, but for future improvement you could add a real front end, just a login page, 1 or 2 authorized pages and a logout. this way we could see the complete workflow of the jwt and how is stored in page transitions.

Hi, At timeline of 10:23 in this video, I have two questions here. 1) Why you used SecurityTokenDescriptor (from Microsoft.IdentityModel.Tokens); why not JwtSecurityToken (from System.IdentityModel.Tokens.Jwt)? 2) What is the difference between Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor and System.IdentityModel.Tokens.Jwt.JwtSecurityToken classes? When to use which?.

Great video, nicely explained

Amazing video thank you! So clear and concise!

Simple and clear example, thank you 👍

Thank you for this very helpful video and sharing your knowledge! Subscribed!

Thanks a lot for such content. I respect and really admire your huge efforts, for such incredible content. God bless mate.

Thanks for your video, a Very Good explanation. I have a suggestion. if you can list out all the dependencies that will be great.

Excellent Show, thanks much.

Excellent work explaining this!

which the best place to store that private key?

Nice and simple video

Great video. Keep doing the good work

Thank you for this helpful video. Keep doing the good work.

This is great and I was able to replicate this. However, I'm wondering.. where do refresh tokens come into play?

Great video brother. If you could explain why we are using each commend and its benefits would have been really helpful.

How to make jwt taken invalid on logout time??

Can you please provide the second part of this tutorial. It is very nice video. Awesome.

Great content 👏👏 , Thank you

Thank you for all of your tutorial

Great video, i request you to explain the token validation parameter , and token descriptor class properties significance and what situation what value we should set may help great if you do some short video on that portion

Hi bro can you make a video on how to renew the expired token when user is in actively using webapi and web application

How can i consume it in my mvc application??

Thank you for making it easy understanding.

So satisfying keyboard typing.))))

Thanks....good explanation

very well explained

Thanks . Perfect video

Very good video

Very nicely done. Thank you.

I still get 401 even I pass the token

Awesome keep up the good work

where is the code link??

Thank you for your well explained video. If possible, could you please make another video to show, secure an api with azure active directory and consume it from AAD secured react app.

Thank you! Very helpful tutorial.

Nice one ... can we apply same for MVC 5

Can you do a playlist of these series please ?

A heartly thanks to you for teaching the tokenization in simple way.

Thank you so much for this video! it's really helpful..

Good job 👍 .. what about refresh token?

Can you explain the claims please?

Thank you man, that is what i sought for

Thanks for the tutorial. You are explaining the concepts very well. Could you please give some suggestions on this? What are the ways to store a JWT token securely on client side. We can use cookies or local storage. But, however someone/ anonymous will able to see the token by using some debugging tools and they can mock the same request and use it in outside of the application. How we can avoid it? Thanks.