Glad to hear it!

Thank you very much for your feedback

1. As the title implies, in this video I have implemented authentication from scratch, so not relying on the scaffolded files. Therefore the structure is different. What you give as an example seems to be the default Microsoft.AspNetCore.Identity structure. 2. I'm not sure what you refer to. In this video we use SQL for authentication and authorization. 3. I'm not sure I can help with that :)

Can you answer this question please?

Glad to hear that. Let us know about how it goes. Other authentication videos will follow these days :)

@@Codewrinkles worked well for me, thank you!

I am not aware that the packages has been deprecated. Hmm.

@@Codewrinkles It is deprecated. It is v2.2.

I would say this: When youre trying to learn all of this stuff there is definitely a correct order. First: Setup an SQL server and implement data access. Simply since youre now in the pickle of needing that server and that data access to implement authorization and authentication. So yes, you should first get data access right, watch the video about HttpContext that he mentions in the beginning, and then try to learn and master this.

Nice catch. Thank you!

@@Codewrinkles you’re welcome.

@@Codewrinkles you’re welcome. Anytime I can help.

Glad I could help

I think that is a simple migration after this.

Thank you.

Welcome aboard!

Yes, sure you can. You can add as many custom claims as you want to the claimsprincipal before signing the user in.

Codewrinkles members on Ambassador level get access to the source code of videos I publish. If you join as an ambassador you will get access as well. After you join, check the "Membership" tab and scroll to the post where you'll find instructions.

I don't think you should avoid it all the way, but we need to know what happens behind the scenes and what's actually scaffolded.

Glad it helped!

I'm glad you liked it.

I mentioned during the video that there are plenty of other videos to follow. This one got fairly long just covering the bare minimum. It's not possible to put just everything in one single video.

That's possible, nut it requires some work and understanding. You need to implement your own providers: learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-custom-storage-providers?view=aspnetcore-7.0

Tbh, I don't remember. But I would probably let it with OnGet as I want to be logged out when I'll be redirected to that logout page.

@@Codewrinkles Thanks for your respond. Sry to bother you again abt this Logout pagem just trying to learn it the right way😊. When we look at how microsoft by default implements the logout button in MainLayout, they put it in a form with "post" method. Why do they go through all that trouble to call this page OnPost. And also, on your later video, when you add the UpdateSecurityStamp in Logout page, it's OnPost.

The user table is created in this case by Microsoft.AspNetCore.Identity. The connection to SQL is done via a connection string. Regular ASP.NET Core stuff.

I think I did it. In my Blazor project, I chose to add Identity Scaffolding and I selected all the pages (which got added to my project). However, I did not finish scaffolding it. I did NOT call it in the command line. I then used your code on Program.cs. I had to add .AddDefaultTokenProviders(); after builder.Services.AddIdentity(). I also had to add @attribute [IgnoreAntiforgeryToken] to the LogOut page, so I can access it from the LoginDisplay component that I added. I also added the EmailSender.cs class. Now the Lost Password link works. Please let me know if what I did, sounds like a bad idea. I realize adding a token would be better, but I do not know how to do that. I do hope the rest of what I did, is correct. I still do not know if I can add this login in a small popout window. I will work on that another day. Thank you for your assistance.

In that case you would have to create custom implementation for the Microsoft.AspNetCore.Identity interfaces that you want to use. E.g: IUserStore, IUserManager, IRolesManager and so on. That's a fairly complex topic but I think I'll get into it.

I don't think you can do that.

Because that how you do authentication in Blazor Server. And it also includes information about the authentication mechanisms Blazor Server is using and how the AuthenticationStateProvider is working. The fact that we're using Razor Pages for the form is probably the least important one in this video.

There's no need to run BS or BWASM Monster if user is not logged in

I have created the database beforehand. If you inerit from IdentityDbContext and provide a connection string you need to first add migrations and then update the database. You don't need to write any code. The migrations for the identity users are part of Microsoft.AspNetCore.Identity.

@@Codewrinkles can you share the databse .sql ? i'm pretty new to the blazor and identity and i want to create the db by hand, not with migrations

Yes, you are correct. You cannot use those components in Razor Pages and in Blazor Server (till .NET 7) you can't get around this. This is how things are supposed to work. However, starting with Blazor in .NET 8 things are a little bit different and you will be able to use regular Blazor components on authentication pages. A video on this will follow next week.

@@Codewrinkles super! Thanks for the reply.

​@@Codewrinkles Hey I have a question about auth in .net8 vs .net7. I started a project in .net7 and I was able to follow along fine until you started adding the views as razor pages since I am only using razor components in my project. Will the .net8 video you release also be applicable to .net7? Or will I need to convert my project to a .net8 one? The project is already running on .net8, but is still formatted as a .net7 blazor server project. Any response would be much appreciated. Thank you!

It's actually how it is supposed to be implemented. So, I don't see any problem with that.

Unfortunately, I really can't magically help here. Try debugging the application, set break points in the Login method. Go step by step through the code and check where the problem appears. Also, in the output window, there should be a lot more logs from Microsoft.AspNetCore.Identity that would help to understand what happens.

@@Codewrinkles is there a github source available?

Hi Mike, have you found a solution for it? I run in the same trouble with the register page. it is not catching the OnPostAsync() method at all.

Got it. Check your _ViewImports if everything is spelled right...... in my case the TagHelper was wrong

I get the same issue@@guntergottbrecht5915 After submit on Register nothing happens and the error page

Thank you very much for your feedback and kind words. Source code access is a perk of the membershjop program. Anybody can join it via the "Join" button below each video or via the channel's home page.

@@Codewrinkles I have joined but I cannot find the source code.

@@hismailsa As a member you should have access to this post that I have published right now and you can download the source code: kzbin.infoUgkxfLSh0qXSXUBE9Say7Uh7VMEAr31u-qAL Please note that for videos uploaded before the membershjip program started, I provide the source code by request and if available. For most videos starting 2021 I should have it.

@@Codewrinkles Love this video, now should even be better with the code

@@Codewrinkles Just paid for the membership, the link seems to be broken

as soon as you dbcontext is done, you can run migrations it will pick up the identity tables needed and run it on your db

My pleasure

i needed to add "base.OnModelreating(modelBuilder) line in my OnModelCreating method. Thx, it works great, will try to implement something like if you are logged as admin u can delete stuff otherwise just read...

I still think we are mostly looking at this the wrong way. I find it strange how developers, even at a junior level, hear some things somewhere and then use it like a dogma. And when "performance issues" come into question I tend to go crazy. Because we are all looking at performance issues of using GUIDs over ints as identifiers, but when I look at applications out there 90% allocate memory like crazy, pass materialized lists across entire app layers instead of using IEnumerable or IQueyable, db queries are a nightmare. Trust me, using GUIDs over ints as identifiers is the last performance issues we should be concerned about.

@@Codewrinkles Thank you

No you should not. Otherwise the structure will be created for you and it will be different.

Theoretically yes, but it's not recommended as with Razor Components you can't set cookies.

My advice would be to not mess things up. In Active Directory usernames are unique. When we are using identity provider (AD is an identity provider) we should simply use that identity as it is. If we need to store things in our DB for our app specific needs, then that's OK. But for auth pruposes use the Claims Principal that was generated based on your Identity provider.

@@Codewrinkles Thanks for the advice. The main reason I thought of using Identity was the built in implementation of two factor authentication. Could you probabaly add tfa with claims to your video series as well? :)

Thanks for your comment. I'm not sure I get your question right. In this video I have showed that for login, register and so on we CAN use Razor pages. If you want you can use even regular controllers with views. It is important that we do registration, login, logout through a setup that goes through the regular ASp.Net Core request pipeline. Also as I explained in the subsequent video, Blazor Server relies actually on the AuthenticationStateProvider for everything that's related to out. However, on the AuthStateProvider I will do a dedicated video since there are some very important things to be aware of.

@@Codewrinkles First of all thank you very much for your response. That what I was asking about the AuthStateProvider, Because I will have an API application which both Blazor Server And Blazor Web assembly, so I want to consume all the api endpoints in both of them including the Authentications and Authorizations. Best Regards.

@@talkathiriify Sure you can do that. But I'm not sure about the entire design. I'm sure though that you probably have some very valid reasons for this kind of setup. For me, however, it looks a little bit weird based on the level of information I have now. If you have an API already, then what's the purpose of the Blazor Server app? That would be a scenario where Blazor WASM would do the job. The maine reason why I use Blazor Server mostly is that I don't really need to build and extra API layer/ I can use everything like I would normally do in a regular Asp.Net Core app with the benefit that for users it will behave like a SPA.

@@talkathiriify Also the authenticationStateProvider works slightly different in Blazor WASM and in Blazor Server. In Blazor Server it uses the HttpContext.User to get the authentication state. In Blazor WASM this is not possible so it is usually a custom implementation that does the authentication based on a response from an authentication/authorization endpoint.

@@Codewrinkles Thank you very much for the explanation. I actually came form desktop environment for almost 20 yr, and new to the web world, so you recommend if I have Blazor Server App. I do not need the API's, Let me please explain my scenario to you I am trying to convert all my desktop applications to web based application using Blazor and one of my application is a multi tenancy then I will create Razor class library and consume it in Both Server and WASM apps. your recommendation will be highly appreciated Dan. Sorry if I asking to much and wasting your time, but I really trust your thoughts and suggestions. Thank you very much, and Best Regards.

As an Ambassador you should be able to see this post on the membership tab: kzbin.infoUgkxfLSh0qXSXUBE9Say7Uh7VMEAr31u-qAL In the post there's a link to download the source code. Also when did you join? Maybe KZbin takes a little bit of time? Please let me know if you can access the post through the link I shared.

@@Codewrinkles Thank you so much! I am not sure why but the membership tab would not scroll past 8 months ago. That link worked perfectly! Thank you for the rapid reply!

That's because it's then when I started memberships. This post is from Janaury I guess, so you probably just missed it. No problem. Glad I could help.

@@Codewrinkles Good luck with your Internet!

Calls to an API should always have a JWT token that is used for authentication/authorization.

@@Codewrinkles Great I did just that!

You can use controllers. The core thing is that for authentication you need an HttpContext that you can rely on. I think it's not that complicated to write a login page without MudBlazor. There are plenty of HTML templates that you can use.

I think I was explicit enough in the video. To perform authentication you need a reliable HttpContext. You can't have a reliable HttpContext in Blazor Server as the context is instantiated once per circuit.You need the regular request-response pipeline to be able to perform auth reliably. That's why you either use Razor Pages or regular controllers with views.

@@Codewrinkles in your HttpContext video, you set it up as a DI service. Couldn’t that service be used anywhere within the app? Trying to find away of doing this without having to leave the current page. In this video, you set persistence to false. Meaning closing the tab would require a new login, might that be set to true and have it last between circuit connections? Thanks

Aha! Found out you can do it anyway, just don't bother putting in the builder. prefix...

Yes but you would have to create custom resolvers for Microsfot.Aspnetcore.Identity to work with.

@@Codewrinkles Hi there! So sorry to interject here but I too am trying to get some kind of login with authentication and authorization using Cosmos DB. I don't quite understand what "custom resolvers" are that you explained above. Is it at all possible that you could link a resource that explains this? Also where are the user login credentials saved in the DB? In a table you made? Oh and I see you were using Razor Pages, would this still be able to work using Razor Components instead? Sorry for all the questions. I've been struggling to do this for weeks now. I would be grateful for your guidance.

Hello. First of all, thank you for joining as a member. If you got to the channel homepage you will find a tab called "Membership". On it you'll find a lot of communications with instructions on source code access. You can navigate to the memberships also using this link: www.youtube.com/@Codewrinkles/membership

Now I looked closer. It turns out you subscribed to the Supporter tier. Source code access is available for the Ambassador tier. That's specified in each tier details and in the membership video that you can watch when you click on the JOIN button.