I am finally in AUTH stage now! I have planned my databases clearly, using my personal NF rules. 1. Can be many to one? New Table 2. Only one to one? Same Table I am about to do start getting freaky freaky hands on when I realize that, hey, I need auth. And Now I'm here. With just 3 videos, ASP.NET MVC, Data Access and OAUTH, I feel like a professional now. I must say ASP.NET Core MVC is much more clearer and simpler now that I understand that models in ASP.NET MVC is just for views. Sorry for long text, you are the best.
@IAmTimCorey4 жыл бұрын
I'm glad it is sinking in for you.
@martinvaughan41973 жыл бұрын
Great video! It would be really handy to see a follow-up to this detailing how Authorize works behind the scenes and how to take more control over what entity framework is doing.
@tomthelestaff-iamtimcorey75973 жыл бұрын
I noted your recommendation by adding it to Tim's list of possible future topics, thanks.
@lindelihlesambo41003 жыл бұрын
Tim is King!!!. you make everything easy. I normally dread long videos but this one seemed like it was 5min the way I was enjoying it.
@IAmTimCorey3 жыл бұрын
Glad you enjoyed it
@lindelihlesambo41003 жыл бұрын
@@IAmTimCorey I have been looking for a tutorial like this . Can you help me with a tutorial that explains how to set redirect pages for different users when using default login in MVC with entity. Hopefully one that can also explain how to hide certain tabs in the nav bar based on user roles. Thank you in advance.
@ab_obada501210 ай бұрын
God loves me so much that I have found your channel :)
@IAmTimCorey10 ай бұрын
I'm glad you enjoy it.
@Babaelow2 жыл бұрын
For those confused: The local authentication is also (still) called "Forms Authentication", although it's not about Webforms anymore. It's somewhat different though than the Webforms thing.
@IAmTimCorey2 жыл бұрын
I don’t think it was ever about WinForms. It may have been a reference to WebForms, but I don’t think so. I think it is just about needing a login form.
@Babaelow2 жыл бұрын
@@IAmTimCorey Sorry, I corrected it to "Webforms". I always confound these terms.
@jeppechristensen57074 жыл бұрын
Hi Tim. Thank you very much for the videos that you provide - I've already watched a bunch of them, and found that they help me a lot. Just recently I read the book "Patterns of enterprise application architecture" by Martin Fowler, and figured that you haven't covered much of those patterns as is - other than of cause, general architectural principles that developers should adhere to, i.e. SOLID and DRY. When I read the book, a bunch of these patterns were sort of abstract. I understood the general ideas, but personally it would be extremely helpful to see a seasoned .net developer like you, show them in practical setting, and give your personal opinion on the most common ones. Additionally, now when we talk about patterns... When I see this video, i cant help thinking, how to implement this "out of the box" user authentication system in a common 3-layer application, where we don't use a local database but rather one on a server. How would you implement it in your business logic? would you even do that?
@IAmTimCorey4 жыл бұрын
I will be covering more patterns and practices, although a lot of them are much more specialized. As for using this authentication on a remote server, you would just point your connection string to that remote database. I'm not a fan of how tied it is to the UI but that's a personal preference.
@timothywestern64883 жыл бұрын
Yeah I tried taking the ApiHelper/Token idea that you did an MVVM app with, took a while but was able to login. Then I decided that Owin was the next thing to learn, but I couldn't figure out why it didn't work out of the box. It turned out, that when I moved it from local to a named instance locally that I had the wrong connection string. So if you run into that issue, check that. I love your work Tim. Really helpful to shake off some of that rust.
@IAmTimCorey3 жыл бұрын
Glad its helpful, and thanks for sharing.
@cloud77hot404 жыл бұрын
Great video man! Thinking of making an app into an asp.net MVC style and I was worried that authentication would be a nightmare. Thanks for making it more simple!!
@IAmTimCorey4 жыл бұрын
Great!
@satyabratamohapatra33974 жыл бұрын
Best tutorial on OAuth. Clean and to the point explanation. Thank you TIM !!
@IAmTimCorey4 жыл бұрын
Glad it was helpful!
@preshnaidoo10434 жыл бұрын
Thanks Tim. I know everyone has different opinions and you’ll base your future videos on the majority , but I think the level of repetition is spot on and the content presented in a very clear manner. I am one of those people making my way up to mvc core, so this has been very helpful. You mentioned that you weren’t a big fan of entity, I’d appreciate a video on your take on this and what you do use.
@IAmTimCorey4 жыл бұрын
I wrote a blog post that addresses your question about EF: www.iamtimcorey.com/blog/137806/entity-framework
@davesimon91926 жыл бұрын
Gone are the days where one could download a shareware copy of Hotdog HTML editor and publish a site with having just a few files. (Which IMO, is a good thing. I feel the internet became convoluted with junk because people could just keep adding trash to the pile not having any technical skill or understanding what's going on under the hood.) Great video!
@IAmTimCorey6 жыл бұрын
Thank you!
@jacklee58764 жыл бұрын
Hi Tim. Thanks for great video. I wish I'd seen this a long time ago. I've read numerous tutorials but you've made a seemingly complicated subject a lot easier to understand, this video was perfect for me as a starting point for further study into the subject. Thanks again. :)
@IAmTimCorey4 жыл бұрын
Awesome! I’m glad it was helpful.
@TheAngelOfDeath016 жыл бұрын
Brilliant! Thank you so much, Corey. Amazing as always. It would be really nice to see more about Access Control using MVC and C#. Security is super important, but also one of the biggest error zones where developers (especially new developers) make mistakes, often costly ones. In these times where there are hackers, trolls and ghouls all over the place, educating people on security and how to make it easy, but good, is relevant. Thanks, Martin.
@IAmTimCorey6 жыл бұрын
Sounds almost like we should have a new start to finish course that is more MVC-focused from the beginning so we can see how to implement this stuff in the real world. ;-)
@RalfsBalodis3 жыл бұрын
0:00 - Intro 1:41 - ASP .NET Framework demo app with authentication 13:01 - Register vs Login explained 15:25 - Built in user registration and login 18:28 - Registration C# code overview 23:45 - Built in SQL 29:45 - Twitter authentication setup 45:37 - Implementing user restrictions 52:48 - Restrictions based on user role 1:01:03 - Who is logged in? 1:02:20 - Summary and concluding remarks
@IAmTimCorey3 жыл бұрын
Thank you!
@Babaelow2 жыл бұрын
"leaving authentication to Microsoft" can also mean leaving it to your local active directory, not only to Microsoft online services such as azure. However, you may still build your own AUTHORISATION system if you don't want to create AD Groups for everything. Tim, as always, correct me if you shouldn't build that on your own either :)
@spfy6 жыл бұрын
Thank you for the video! I didn't know they made Authorization/Identity stuff so easy! If possible, I'd love to see an expansion where you talk about requiring authorization for Web API. Show how someone that wants to use my API for their own applications can authorize themselves for access.
@IAmTimCorey6 жыл бұрын
I will be doing authorization through WebAPI in a video in the near future.
@coolwaterdvr6 жыл бұрын
I'm loving this ASP.NET series. Thank you. Request: If you decide to make a lesson about EF, can you do a database first approach? Using Stored Procedures in EF would be nice also. Again Thank you.
@IAmTimCorey6 жыл бұрын
I doubt I'll be doing an EF video any time soon since I'm really not a fan of EF (check out my video on connecting C# to SQL) but I'll keep it in mind.
@WantOxide5 жыл бұрын
I will explain you how it works > 19:00 by large you can leave this as it is and just works Wow, awesome explanation
@sherlockholmes11214 жыл бұрын
Thanks Tim, Finally found someone that can explain how this works.
@IAmTimCorey4 жыл бұрын
Excellent!
@hory-portier6 жыл бұрын
Thank you for good video and for redirecting me here. Once again I have found less information than I expected but presented in great way. You showed here how to use this generated things but I am a bit afraid of using something I don't understand. Menage controller has almost 400 rows, there are also some models that you didn't even open here. I understand that in this video with your speed it wouldn't be too good to speak about it because it would be too long, but I would really be glad if you could make 2nd part of this with more details. The most important thing for me right now is how to work with outside database. I'm not sure how to link my database in Web.config. I have found how to add my outside database to SQL Server Object Explorer and how to find its Connection string but even for the default database connection string here is different than the one used in Web.config and only first part (Data Source) is the same. I'm interested in this topic and will wait for more about it. Also I will subscribe you to not miss it.
@IAmTimCorey6 жыл бұрын
I have two videos that might help you. First, I have a Connection Strings video that gives you a good overview of how to set up a connection string and where to find what yours is. Second, I have a video on Connecting C# to SQL. That will show you how to configure your web.config/app.config file so that you can connect to an external database. As for showing more details about the authentication side, I will be doing that in future videos, although I'm not sure I'll ever go line by line. Some of this is EF Code First and I really don't want to get into that whole issue. As far as setting up your own database to do the authentication, if you point your connection string to the right database, the first time the app runs it will set up the proper tables. I would recommend that you not mix databases though. Keep a separate database for your authentication vs. your other data. It is much easier to secure that way. You can still have them on the same server though.
@drimadoh4 жыл бұрын
Hey Tim... I can't thank you enough for this awesome stuff.. I'm using some of them in my teachings at university :D Will you be doing anything soon on Xamarin??
@IAmTimCorey4 жыл бұрын
Yes, I am ramping up my development work in Xamarin so I will be ready to teach it soon.
@tnysvntr4 жыл бұрын
Hello Tim Corey, I would like to suggest for you to create a complete website or system using asp.net mvc just like the retail manager. That would really help us,me specially to learn a lot from you.. thank you very much
@IAmTimCorey4 жыл бұрын
That suggestion is on the list. Thanks!
@tnysvntr4 жыл бұрын
@@IAmTimCorey thank you Tim!
@sengar316 жыл бұрын
Nicely explained... Please make a video on other functionalities of identity, e.g email verification before login, reset password, forgot password, Two-Factor Auth. Thanks a lot for providing such great contents.
@IAmTimCorey6 жыл бұрын
It is on the list. Thanks for the suggestions.
@kittytechnologies93596 жыл бұрын
Great video. Can expand it include user and role management via a webpage.
@IAmTimCorey6 жыл бұрын
I'll be covering this in future videos. Thanks for the suggestion.
@Ocura896 жыл бұрын
I'd like to see that too!
@JackWatling6 жыл бұрын
Great video. One thing to add - if you stack the Authorize declarations on a function/controller you can require the user to have all of the roles specified (AND), rather than just one OR more of them. There's an example here: docs.microsoft.com/en-us/aspnet/core/security/authorization/roles
@IAmTimCorey6 жыл бұрын
Good tip. Thanks!
@InimitableMrG5 жыл бұрын
RequireNonLetterOrDigit means Require Non(letter or Digit) or require something other than an alphanumeric character (So, a special character).
@IAmTimCorey5 жыл бұрын
Yep, you are right. Drew a blank when looking at it.
@bridgefour44486 жыл бұрын
Sorry for the multiple questions, but I have some gaps I can't fill. I've always built my sql tables on a server first, then coded my application, so I am apprehensive about building on localdb...every tutorial regarding identity I have come across starts with tables on localdb and assumes we magically know how to move it to production at some future point. My process before (I have never implemented authentication) has always been to first get database on a real server, build tables there, go back to my app , set up helpers, a dataaccess class and connection string, build model, build controller, build views...in that order. If I miss something I go back to sql build the table, then go back to the app, rinse and repeat. Now, I am thinking of starting a new db on azure and want to implement identity. If I were to follow this method of implementing identity locally first, what do I need to do to get the all my tables (including the other ones I add to the db) in the server instead of localdb, assuming I coded the whole thing locally first instead as in the demo. Is it possible to change the connection string before installing the owin nuget package and running the package in order to sidestep all that so I can continue working the way I have before (ie the table structure for identity stuff would just be created in the production server instead of localdb)? Or is there some easy button for moving that all into a production server after you have coded your entire project locally?
@IAmTimCorey6 жыл бұрын
I decided to answer your question here: iamtimcorey.com/ask-tim-database-authentication-setup/ I hope that helps.
@bridgefour44486 жыл бұрын
It does! Thanks much! I also appreciate the clear and distinct instructions your videos usually include. I do a lot of research and find your videos the easiest to understand, the most comprehensive, and have lead to a lot more ah-ha moments for me. I think I would still be scratching my head on a lot of ideas if it weren't for your channel.
@shuhoodrahmani8201 Жыл бұрын
Please can you provide a short video in regarding of adding authentication and authorization to an application created previously. when I do so, it doesn't work. thanks
@IAmTimCorey Жыл бұрын
Thanks for the suggestion. Please add it to the list on the suggestion site so others can vote on it as well: suggestions.iamtimcorey.com/
@itworks59803 жыл бұрын
This is very helpful. Can you please create a video for allowing users to register using localdb but requires admin approval before they can start logging in? Thanks!
@IAmTimCorey3 жыл бұрын
I will add it to the list. Thanks for the suggestion.
@itworks59803 жыл бұрын
@@IAmTimCorey You're the best!
@blackdog31132 жыл бұрын
Hi Tim, thanks for the wonderful tutorial! I am new to authorization and bit confused as to use third party tools like Auth0, IdentityServer5 , okta vs the Identity Framework provided by Microsoft. Is the Microsoft Identity really that unsecure as people on the internet say? All the third party auth tools are black box and have not so good documentation, where as identity is easy to setup.
@chineduokolie73772 жыл бұрын
Hi Tim. New to authentication and I followed the tutorial, however I still get the "The remote certificate is invalid according to the validation procedure" error.
@IAmTimCorey2 жыл бұрын
It sounds like you have a problem with your developer certificate. Try this answer: stackoverflow.com/a/58957501/733798
@webdistortion6 жыл бұрын
Hi Tim, this is great. Would love to see an example of impersonation following on from this video. i.e. login as an admin (with admin roles) and then impersonate a user already registered in the system to see their data. Or indeed any pointers on which classes etc. to read around to do this.
@IAmTimCorey6 жыл бұрын
Thanks for the suggestion.
@softfamilyjay32676 жыл бұрын
Thanks and you really made it so simple. One word for this. Amazing!
@IAmTimCorey6 жыл бұрын
Awesome!
@attilaguba8562 жыл бұрын
It's really good explanation, I like when you showed the Role based authentication as well. Do you have a complex tutorial how I can implement with all Identity Register and Login , Forgot and Reset password and =>/ Facebook, Gmail etc / to an existing website with publishing too!?
@IAmTimCorey2 жыл бұрын
I don’t. Sorry.
@jeztafari5372 Жыл бұрын
Trying to follow this with the new project template in Visual Studio 2019 and the Register and Login pages blow up with a Null Ref Exception on the model straight outta the box!
@emirhancelebi83165 жыл бұрын
I wish someone to explain Authentication middleware in detail. What is Authenticaion Type? How does it work regarding cookie based authentication ?
@IAmTimCorey5 жыл бұрын
Sounds like a good in-depth video. I'll add it to the suggestion list.
@emirhancelebi83165 жыл бұрын
@@IAmTimCoreyThanks for your attention Tim. I'd be so thankfull to you if you take your time to pick up on it. I have really had a hard times to understand how this middleware and its properties behave after each request.
@jayjoe17255 жыл бұрын
Thanks for making these tutorials! Fantastic content
@IAmTimCorey5 жыл бұрын
You are welcome.
@louiseeggleton74206 жыл бұрын
Great series of videos. One thing I like to do is put my Authorize attributes in a base controller and inherit from it so that I am not having to put Authorize everywhere, and I don't run the risk of forgetting to put Authorize on some controllers. Some might argue that I could also forget to inherit from the base controller, but in my case, the base controller does a few other things that are essential to my app, so I wouldn't get very far without inheriting from the base controller.
@IAmTimCorey6 жыл бұрын
Good tip. Then, if you need to have something not protected, you add the AllowAnonymous tag instead. Essentially, your application is secure by default. I like it. Thanks for sharing.
@SyrgakZhylkybaev6 жыл бұрын
Thank you. I like your videos. Keep posting please
@IAmTimCorey6 жыл бұрын
Will do.
@jassisidhu77505 жыл бұрын
Hi Tim,Thanks for this video,however i am just curious to know how [Authorize] works behind the scene.How it gets to know the user details and token and authorize the user.. It would really be helpful if you could provide me any pointers .
@IAmTimCorey5 жыл бұрын
It uses the header token and converts that over to identify the user. From there, it figures out if you have access privileges or not.
@martinvaughan41973 жыл бұрын
@@IAmTimCorey Have you covered this in any videos? Would be very useful to get more insight into how asp.identity works!
@uwebraun88934 жыл бұрын
Interesting I find the Role-Management. I have to do some research, if you always need to specify the Roles by a String "User, Admin". It would be much easier, if it could be done with the UserID, because then you can easier group them, like saying Access to RoleID > 2... But I guess that is also possible somehow. Anyway, thanks for the very clear tutorial.
@IAmTimCorey4 жыл бұрын
You can assign permissions to a user, not just to a role, but that is too specific and hard-coded to be very useful. You can't apply conditional logic to the role decorators (without dropping the check into the code), so >2 wouldn't really work well.
@Biagio9999999994 жыл бұрын
Hi Tim! Love your tuts. Will you ever do something about Auth, without Microsoft Identity Framework? I would love to build my auth without any pre-scaffolded code. Thanks!
@IAmTimCorey4 жыл бұрын
It is on the suggestion list.
@boyanpetrov46284 жыл бұрын
Ugh I spent 2 hours searching and replacing my callback Url but I just can't get it right. I keep getting the 403 Error. ***EDIT: fixed it by adding: localhost:44388/signin-twitter Amazing content as always Tim, Thank you!
@IAmTimCorey4 жыл бұрын
I am glad you figured it out.
@veoquenoesunproblema3 жыл бұрын
Extremely well explained. Very top level as Indian Eng. haha who save my butt more than once.
@IAmTimCorey3 жыл бұрын
Thanks!
@BrianEHo4 жыл бұрын
Hi Tim, thank you for sharing your videos to public. I learn a lot from your videos. Do you have any video talks about OAuth 2.0 in Visual Studio?
@IAmTimCorey4 жыл бұрын
I have content using the .NET Core authorization but not external OAuth.
@kombokenedy47506 жыл бұрын
Tims your works alwalys kills me .
@IAmTimCorey6 жыл бұрын
Hopefully in a good way. :-)
@Babaelow2 жыл бұрын
Also to say: If you store the password in a database, always HASH it (like SHA), never just ENCRYPT it (like, say, with AES). There is a BIG difference. There is a difference if an administrator is able to RESET your password, or if he is able to SEE it. He should NEVER be able to see it. If it's just encrypted, and he knows the key, he can read it. If it's hashed, no chance for anybody.
@IAmTimCorey2 жыл бұрын
There is a lot that goes into making authentication secure.
@Babaelow2 жыл бұрын
@@IAmTimCorey You're right. I have to correct myself: Hashing is not enough. You need to "salt" it as well. I watched a video "How to not store passwords". After that, I knew more.
@smithmsiska61502 жыл бұрын
@@IAmTimCorey could you make a video on single sign on with aspnet core?
@Fasiibcs6 жыл бұрын
Hey Tim, I saw couple of your videos and you doing awesome job. How ever, I'm just curious you said in this video you are not a big fan of entity framework. So what you suggest in alternate?
@IAmTimCorey6 жыл бұрын
I suggest Dapper. Much easier to use, much simpler, and it does not interfere with good database design. You can see more about it in my video here: kzbin.info/www/bejne/e6WVnJt9o9d8p8U
@harag96 жыл бұрын
I agree with Tim now, I used EF a while ago and hated it, I find Dapper much easier now (after I saw it on one of Tims Videos) - Thanks Tim.
@ardenyoung65544 жыл бұрын
Excellent video and very timely for me. I do have a question. You mention that the local database is not the preferred storage for account data. What is involved in moving to a MySQL database for the account storage information rather than the local SQL database?
@IAmTimCorey4 жыл бұрын
It would be easier to just move your SQL database to a "full" SQL Server (or Azure SQL) but here are instructions on using MySQL: docs.microsoft.com/en-us/aspnet/identity/overview/getting-started/aspnet-identity-using-mysql-storage-with-an-entityframework-mysql-provider
@yogeshvaidya58955 жыл бұрын
its too long but very useful and informative tutorial ,yo did just simply grate works , i request you to give email verification tutorial , thanks
@IAmTimCorey5 жыл бұрын
Thanks for the suggestion.
@adamschneider8683 жыл бұрын
*** FIXED READ BELOW *** I did everything described in this video in regards to Twitter. I keep getting 403. Response status code does not indicate success: 403 (Forbidden). Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Net.Http.HttpRequestException: Response status code does not indicate success: 403 (Forbidden). However, with the new signup procedure for a Twitter Developer account, I had to assign a URL for my website and an organization URL. I don't think this is the issue, but worth noting. I used the URL to my twitter profile for these values. I tried adding more callback urls 127.0.0.1 localhost:44306/Account localhost:44306/Account/ExternalLogin localhost:44306 That didn't seem to work either. Am I missing something? Is there an extra step in 2020 that I am missing? ***FIXED*** append "/signin-twitter" to your callback URL. In my case localhost:44306/signin-twitter. Now it works. Whew. ************
@IAmTimCorey3 жыл бұрын
Glad you figured it out.
@Greatfulone3 жыл бұрын
Thank you so much. I feel I learned so much, and I even fixed a few things on my website based on what you covered here. I was under Bootstrap 4, and was wondering how to change the button look. It was so small. I read the Oath RFC a number of times, and like you said it does a lot. I am trying to map the functional components between the rfc and the video. Twitter would be the authentication server, the client and the user agent would be our application I guess. The rfc was talking about one scenario where the client asks the user to authenticate with the server so then the client can get some services from yet another server. Is it possible to create a tutorial for something like this please? I definitely followed what you covered here, and it helped me a lot with understanding of the RFC, but I want to be sure. I know understanding the RFC is job of pros, but I got to try. I also tried to refactor my existing ASP.NET project to enable Oauth and could not find a way yet. I wonder if that is possible or I should just start from the beginning.
@mmuneebajaz5 жыл бұрын
hi please add 2factor method to your list too ,that would be helpful
@IAmTimCorey5 жыл бұрын
I'll see what I can do. Thanks for the suggestion.
@ronaldjohnson44704 жыл бұрын
Thank you Tim, excellent tutorial.
@IAmTimCorey4 жыл бұрын
You are welcome.
@vivekverma304944 жыл бұрын
I understand adding authentication while creating a new project. But how do we add authentication to an existing ASP.NET MVC 5 project? I can't find any resource for it.
@IAmTimCorey4 жыл бұрын
You have to manually do it. Create a new project with authentication and then copy the settings and files over.
@dhivakharvenkatachalam77594 жыл бұрын
Is there any video or article explaining every step of the logging process such as register, change password , log out for identity authentication in MVC 5?
@IAmTimCorey4 жыл бұрын
We use the Identity process for logging in and out (and registering) in the TimCo Retail Manager.
@thewonderer.world.33 жыл бұрын
You explained same thing in your web API authentication video as well.
@IAmTimCorey3 жыл бұрын
Yep, same system, just a different UI.
@thewonderer.world.33 жыл бұрын
@@IAmTimCorey I guess you should make a video on Web API Token authentication with empty template. Thanks.
@jeremyolu30252 жыл бұрын
Hi Tim - i noticed the scaffolding code produces a lot of excess code which a develop may not use. Is there a way of modifying this, like deleting excess code, changing table names, adding extra columns etc to make it more specific to a business case?
@IAmTimCorey2 жыл бұрын
I don’t believe so. You can tweak some of it, but most is necessary.
@salehawad94884 жыл бұрын
Hi Tim , thanks very much for a useful video
@IAmTimCorey4 жыл бұрын
You are welcome.
@behdadnemati78154 жыл бұрын
Sir please make a video for Identity in ASP.NET Core I spent alot of time trying to tweak identity in ASP.NET Core and since you can't access the controllers for identity in asp core I ended up implementing the controllers again myself so I'd be able to customize identity If there's an easier way please make a video and explain it. I love your channel and thanks for making C# easy to understand and learn for us.
@IAmTimCorey4 жыл бұрын
I will add it to the list. Thanks for the suggestion.
@personkiller199606 жыл бұрын
Thank you so much. Comprehensive content. Liked, subbed and belled.
@IAmTimCorey6 жыл бұрын
Excellent! I'm glad you enjoy the content.
@alimakhmali50885 жыл бұрын
Great work. I am preparing for Microsoft 70-486 exam. Any hints on what videos are must-watch? And books perhaps? Thanks.
@IAmTimCorey5 жыл бұрын
I don't have any exam-focused content but anything I've done with MVC will help. I do have an add-on course that uses ASP.NET MVC at www.iamtimcorey.com that might help you out. It is an add-on to the main C# Application from Start to Finish course, though, so the add-on only covers MVC, not the business logic or data access since they are already covered in the previous course.
@gaatutube4 жыл бұрын
Twitter authentication does not seem to work in this manner any more. Swapped in the solution from stackoverflow post that you showed. Plugged in my key/secret ... tried with both "get user email" checked and unchecked methods ... all of them seem to give a 403 error the moment I hit the "Twitter" button on the login page. Exception Details: System.Net.Http.HttpRequestException: Response status code does not indicate success: 403 (Forbidden). Looking through inspect Network tab shows that request goes to localhost:44395/Account/ExternalLogin and gets back a status of 500 (even though it gets back content showing 403 error). No request is ever sent to Twitter.
@IAmTimCorey4 жыл бұрын
Yeah, Twitter has changed some things. There are some suggestions in the comments section about things to try that might help you out.
@shuhoodrahmani82012 жыл бұрын
Plz make a video to print report in pdf format in asp.net mvc5 application. I hope you create as soon as possible. Thanks
@IAmTimCorey2 жыл бұрын
Is that this suggestion? suggestions.iamtimcorey.com/Details/6231b93a407ff5560a669212 If not, I would recommend adding your own to the list.
@paulchisholm663 жыл бұрын
Thank you Tim: A couple of questions. Is it possible to capture additional user data in the EF authentication process such as first name, last name, employee ID number, etc? (Would it be easy / possible to modify parts of the system to hold additional data for example such as the items mentioned above? If I understand this correctly, we are fine to develop this using the local SQL server and then when it is ready to be deployed, one can just say change the connection string to point to a SQL Azure database (for example) and the local database will be recreated in the cloud? Finally, if you want to manage the creation of the user accounts and not let people just come to the site and Register, could you create part of your app that would allow an admin user to create new accounts? (i.e. I get the feeling that you strongly recommend using this authentication system as opposed to building your own and storing the username and password data in a database. Thank you so much for your time and all of the videos that you do, they are wonderful!
@Wesleyvd19915 жыл бұрын
Learned alot from this thanks !
@IAmTimCorey5 жыл бұрын
Excellent!
@josephquesada945 жыл бұрын
Thank you so much!! You explained it amazing
@IAmTimCorey5 жыл бұрын
You are welcome.
@djangounchained73144 жыл бұрын
Hey Tim! Twitter doesn't allow to use localhost anymore to create an App, how do we solve this?
@djangounchained73144 жыл бұрын
Twitter doesn't allow 127/0.0.1 either ... what to do?
@IAmTimCorey4 жыл бұрын
I believe it is because you need https but check the documentation.
@rededu53562 жыл бұрын
Good day sir, what alternative do you use for your database access? Thank you and more power to you.God bless
@IAmTimCorey2 жыл бұрын
Not sure what you mean. I use Dapper with SQL, I use MongoDB, I use CosmosDB, I use Redis - basically, I use whatever database solution is best for the situation.
@amolkolekar41943 жыл бұрын
Excellent video Tim, but I have query, all this stuff is inbuilt projects code provided by Microsoft. What if I want to use my own tables like Users, Roles etc. What kind of changes need to be done? e.g. In a code you have shown Authorize(Role=Admin) what if I want to use my own roles from my own role table? Do I have to create my own Authorize attribute for the same?
@hqcart15 жыл бұрын
Hello tim, Awesome tutorial, Thank you. I have a question about cookies and how to set its expiration date?
@IAmTimCorey5 жыл бұрын
I believe this should help: stackoverflow.com/questions/33701398/oauth2-webapi-token-expiration
@Sclunger4 жыл бұрын
Hi Tim, great video. I am working on setting up external login with ASP.NET Core 2.2 without using identity. Do you remember if you have made a video for that before? Thanks
@IAmTimCorey4 жыл бұрын
I don't have a video like that. Sorry.
@colin-campbell4 жыл бұрын
The password hashing part at 27:57 - It doesn't appear as if the passwords are being salted prior to hash, do you reckon this would be easy enough to implement? For instance, adding in a "salt" column in the Users table and when a user registers, a cryptographically secure RNG value is created for that user which is then stored within the new column. The trick would be finding where, in the C# backend code, the passwords are being hashed.
@IAmTimCorey4 жыл бұрын
You could do that. My big thing is that when I start messing with authentication code, I have the potential to make it worse. This has been tested by Microsoft and a LOT of other companies. My custom changes have not. I get concerned when we start talking about overriding parts, since that means I really need to know the system intimately in order to ensure I do it right.
@colin-campbell4 жыл бұрын
@@IAmTimCorey Ah that's a really good point, if I were to implement a salting system, I'd need to conduct some really thorough testing to make sure I wasn't making the system insecure. I'm just really worried about rainbow table attacks against an application I'm developing. Many thanks for the reply!
@ambroselangat50676 жыл бұрын
Hello Tim. Great works there! Questions (1) Is it possible to to change the database name? How do we do it? (2) How do we create ASP.Net identity database in SQL Server? Thanks
@IAmTimCorey6 жыл бұрын
Good question. To change the database name, just change the connection string. If it is a LocalDB, it will create that new database. If it is a SQL database, it will look for that new database but crash if it does not exist yet. As for creating the ASP.NET Identity database in SQL Server, the easiest way is to create an empty database in SQL and point the connection string in C# to it. Then run the application and try to register an account. It will see that the tables do not exist and it will create them.
@ambroselangat50676 жыл бұрын
Thank you.
@pankajroy69792 жыл бұрын
Thank u for great Tutorial
@IAmTimCorey2 жыл бұрын
You are welcome.
@marcinosiadacz73913 жыл бұрын
Hello Tim, thanks for the video! Could you please advise how can I configure the default user role to be assigned for new users automatically after registration?
@stewiefre3 жыл бұрын
How do we can edit user profile using this system?
@gerardocesarhernandezgayta43043 жыл бұрын
Hey Tim, I was watching this video (amazing btw) and came up with some issues, since Twitter has changed some stuff from this video release until today, and actually got to solve it. My issue was on pressing the Twitter button, it showed me the error "an connection has been forcibly closed by the remote host", there was nothing in the comments here, so found this answer: stackoverflow.com/questions/57271345/twitter-api-responds-with-an-existing-connection-was-forcibly-closed-by-the-rem The solution that worked for me was to add this line: System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12; just before setting the TwitterAuthenticationOptions in the startup.auth.cs file... given my limited knowledge of ASP, I really don't know if that was the correct place to add that line since in the answer don't mention it, but it worked nonetheless. I hope this helps future viewers with the same issue as me.
@IAmTimCorey3 жыл бұрын
Thank you for sharing! I'm sure others will run into this also.
@bharatsahlot2233 жыл бұрын
Hey tim, do you have a video/resource which goes into more depth about auth ? Thanks for the great video. Really helpful.
@IAmTimCorey3 жыл бұрын
I don't. Added it to my list.
@mrrcomp Жыл бұрын
Hi,Great tutorial .. Once question if you can I want to LogOff on session timeout... Thanks
@cdouillet4 жыл бұрын
Hi Tim, This is a really great video! Thanks for that. Quick question, I've followed your steps, using local authentication only. If I run my VS project, register and/or login, stop the VS project and then run it again, then I am still logged in. I need to run some code just after successfull authentication. Clearly this shouldn't be done in public async Task Login(LoginViewModel model, string returnUrl) since this only runs when the user clicks on the Login button. Where should post authentication code be run ? Thanks again for your work, helps tremendously!
@IAmTimCorey4 жыл бұрын
Good question. You might find success running it on the homepage, since the user will hit that first (check if they are authenticated). The only problem is if the user is not logged in and attempts to go to a secured page. When they log in, it will direct them to the page they attempted to go to instead of the homepage. So if you can do it in two places, the homepage and the login would be the two places to do it.
@BrianEHo6 жыл бұрын
Very nice video!!! It would be nice if you cover OAuth token access from the client side to consume this ASP.NET OAuth site.
@IAmTimCorey6 жыл бұрын
Absolutely! It is on my list. That was a tough one to get right when I was learning how to set up authentication.
@govindsaini56005 жыл бұрын
Hi tim.. Please make a video, regarding integrate key validation system for window application wpf.. Plz
@IAmTimCorey5 жыл бұрын
I am not sure what you are referring to. Do you mean having WPF authenticate against this provider? Because that is what the WPF app in the TimCo Retail Manager system does.
@KingKhan-oi2wu2 жыл бұрын
Thank you very much Lovely❤️
@IAmTimCorey2 жыл бұрын
You are welcome.
@Zisi9113 жыл бұрын
Hi Tim, awesome video as usual. I've learned a huge deal from you in my steps to become a software dev already working on my own project now. In this one however i have a problem and i cant get the twitter login to work no matter what.I have added the code and even found some other Digicert keys as in some forums they were saying the one in this video have expired, but still i cant get it to work getting always the same error with the secure connection. Any ideas? Have they changed anything, is there a place to find the current keys?
@lyejiajun4 жыл бұрын
Hey Tim! Thank you for the great video. I really appreciate the explanation as most people do not explain in such tutorials. However, just my personal opinion - I feel like while it is great to re-iterate on a point a few times to place a strong emphasis on a concept, you tend to repeat yourself a little too often. I believe most users would appreciate it if you repeat just once or twice less than you already did to make the video more concise! I hope this feedback is useful to you and thank you once again!
@IAmTimCorey4 жыл бұрын
I appreciate the kind feedback. I do work on the balance of repetition. I want to repeat for emphasis enough to show the importance and give clarity but not enough to be annoying. I also try to come at the same point from multiple directions for added clarity. I know I don't always get it right but I'm working on it.
@adrianv.16364 жыл бұрын
@@IAmTimCorey keep repeating Tim! We need it to learn! Thank you mate.
@SnitchShow6 жыл бұрын
All what i can say is, this is a great tutorials and thank you for It:)
@IAmTimCorey6 жыл бұрын
I'm glad. Thanks!
@davidemmanuel30014 жыл бұрын
God bless you tim! we love you
@IAmTimCorey4 жыл бұрын
Thank you!
@john_yeager2 жыл бұрын
anybody know example how dapper and identity can live together? because identity use entity framework, do i need to have different connection strings?
@IAmTimCorey2 жыл бұрын
They can, although I recommend using separate databases. You can see an example of this in the TimCo Retail Manager application here on this channel. If you use one connection string, you need to take care not to create a conflict with the EF updates. Plus, you are mixing your data types. I prefer to keep my security data away from my "regular" data. It makes for easier security.
@john_yeager2 жыл бұрын
@@IAmTimCorey thanks man was very helpful
@arturoordonez-hernandez15344 жыл бұрын
I think I've got a good handle on this locally. How do you change the Database connection for this so it adds these tables to a database on a hosting server?
@IAmTimCorey4 жыл бұрын
You just change the web.config file's connection string, which you can do even at runtime. However, usually what you do is when you deploy it, you transform the deployed web.config file to have the correct connection string.
@arturoordonez-hernandez15344 жыл бұрын
@@IAmTimCorey I managed to get this working on my Go Daddy server; not sure why it wasn't working before. Thanks!
@engrinchik8843 жыл бұрын
Did you manually create the database tables for the user accounts (AspNetRoles, AspNetUsers, etc.) ?
@AndresHohendahl3 жыл бұрын
Is there a simple way to specify to the template or just transform it into a non-MS-SQL-Server server database like MySQL or Amazon AWS Dynamo/María all the databases (at least get the instructions to build them) if not I need manually to change the provider, and create all the databases, this is cumbersome and may fail easily...
@hannykhan31066 жыл бұрын
can you upload tutorials regarding claim based authorization
@IAmTimCorey6 жыл бұрын
I will add it to the suggestion list.
@harag96 жыл бұрын
Again, Excellent video, thanks - I was going to ask about roles (e.g. Gold, Silver, Bronze membership) but you covered this at the end. :) Quick question on the Twitter App ID/Secret keys - I know you covered them up, which is good - but if you delete the app from twitter after creating the video, would these ID/Keys be valid still ? If not, then does it really matter to blur them out ? - No I'm not after your information, just curious on how secure it would be... unless you forgot to remove the app from twitter of course.
@IAmTimCorey6 жыл бұрын
In theory they should be fine. In practice, it might tell you more about my account than I would prefer. I decided to err on the side of caution. I could also request that they be reset and I wouldn't even have to delete my app for them to be invalid. It was just the abundance of caution.
@harag96 жыл бұрын
OK, thanks for that - I wasn't sure as I don't even have a twitter or facebook account. On the Roles, you assigned the roles to the users manually by editing the database, I take it there is function to do this in the code? Could you do a quick video on how we would assign roles to users when they (a, create an account, b, pay for a better membership (gold, silver, bronze roles).
@IAmTimCorey6 жыл бұрын
I'll see what I can do. You have to make your own UI for it.
@AbubakrMahdiSan4 жыл бұрын
Thanks , i love you Tim.
@IAmTimCorey4 жыл бұрын
You are welcome.
@ceksing5 жыл бұрын
Hi Tim - Great Introduction
@IAmTimCorey5 жыл бұрын
Thank you!
@martingoodrich58395 жыл бұрын
A most enjoyable tutorial. Thank you very much. Is there a possibility that you could do a similar tutorial for authentication with Microsoft Office365?
@IAmTimCorey5 жыл бұрын
I will add it to the list. Thanks for the suggestion.
@embossCoder4 жыл бұрын
Thank You. Really Help me to learn
@IAmTimCorey4 жыл бұрын
Glad to hear that
@santiagopiaggio20994 жыл бұрын
Hi tim! Thanks for the video. I followed this tutorial on a .net framework project, as i upgraded it to .net core 3.0, everything works fine, but i couldn't upgrade this to the project. Mycrosoft suggests this : services.AddAuthentication().AddTwitter(twitterOptions => { twitterOptions.ConsumerKey = "..."; twitterOptions.ConsumerSecret = "=..."; }); Doesn't seem to work for me. Do you have any ideas why? -> Error suggest -> "AuthenticationBuilder does not contain a definition for AddTwitter ... "
@IAmTimCorey4 жыл бұрын
It sounds like you need a NuGet package to support Twitter authentication.
@swankyshivy3 жыл бұрын
awesome job. how do you do SSO with another website other than fb twitter etc. so its an existing web app for a company that we want to autkmatically login to a new mvc web app once u are logged into that other webapp?