.NET 8 Authentication with Identity in a Web API with Bearer Tokens & Cookies 🔒

Рет қаралды 92,055

Күн бұрын

🚀 Join the .NET Web Academy: learn.dotnetwebacademy.com
💖 Support me on Patreon for exclusive source code access: / _patrickgod
🚀 Get the .NET 8 Web Dev Jump-Start Course for FREE: dotnet8.patrickgod.com
🐦 Let's get social on Twitter/X: / _patrickgod
🔗 Let's connect on LinkedIn: / patrickgod
Table of Contents:
00:00 .NET 8 Authentication with Identity in a Web API 🔒
01:05 Official Announcement
02:14 Create a Web API Project
03:08 Add an Entity Framework DataContext
06:12 Register the IdentityDbContext
10:18 Add Authentication with Identity
12:04 Add & run code-first migrations
14:35 Run the App
16:34 Configure Swagger to test the Authentication
18:06 Test the Authentication with Swagger
18:58 What about Cookie Authentication?
#DotNet #Identity #WebAPI

Пікірлер: 136

@PatrickGod 7 ай бұрын

May, the fourth.. anybody? 🌌

@usamasuhaib3019 3 ай бұрын

sir please make a video for External Authentication with Yahoo in Asp net core

@joaogabrielv.m328 7 ай бұрын

If everyone had the kind heart and the passion that Patrick has for teaching and .NET, the world surely would be a better place. Thanks as always, man!

@PatrickGod 7 ай бұрын

Hey João, thank you so much for your kind words! I'm really touched to hear that you appreciate the passion and effort I put into my tutorials. My ultimate goal is to make learning .NET and Blazor as accessible and enjoyable as possible. Knowing that I've made a positive impact on your learning journey means the world to me. Stay tuned for more content, and if you ever have any questions or topics you'd like me to cover, feel free to reach out. Happy coding! 🚀💻

@leonidmisak2389 7 ай бұрын

Thanks, man! Very much appreciate your work!

@safiullah9275 7 ай бұрын

Great video! Would be great if you could add the following as well: 1. Authorization roles, policies, etc 2. Extending the existing feature set provided, like login/register/2fa and adding some own logic as well 3. Creating and using our own UserEntity class instead of IdentityUser. 4. Integrating it with Blazor 8 using the best practices Thanks!

@hfpsc27 5 ай бұрын

Yes. It would be great to see the same token/cookie working with other API's and a Blazor client (kind of a SSO).

@PatrickSch. 4 ай бұрын

Yes that that would be grat. Also how to use Authentication and Authorization in a seperate service (API) and connect it to the front end and also other services (APIs).

@orionnebula7167 21 күн бұрын

Halo, do you find a way using roles with this method, and is it possible at all???

@nerdydragon42 7 ай бұрын

Tried implementing this from an article I saw a while back and it didn't work, glad this came out!

@garagamesdev 5 сағат бұрын

This tutorial saved my life. Thank you.

@jeffreypadgett4839 7 ай бұрын

Hey Patrick. Thank you for everything you do and for being a cornerstone in the .NET community.

@PatrickGod 7 ай бұрын

Hey Jeffrey, thank you so much for the kind words! I'm humbled to hear that you consider me a cornerstone in the .NET community. My mission has always been to help others learn and grow in the field, and knowing that I've made a positive impact is incredibly rewarding. If you have any topics you're curious about or suggestions for future tutorials, please don't hesitate to share. Your feedback is invaluable. Thanks again for your support, and happy coding! 🚀💻

@bigfi2772 7 ай бұрын

Thank you for this instructive video. It's really nice how it's so simple now. I would really love a followup video explaining logging with google/MS/Apple or the two way authentification.

@James66662 3 ай бұрын

You are so chilled man Brilliant videos

@decididomojaval5618 3 ай бұрын

Super clean and clear tutorial! love it!

@farahhashim7441 17 күн бұрын

Sooooooo Much Love from Pakistan you are really great teacher for me!😀😊

@marcjohnston3292 5 ай бұрын

This is the absolute first anything I have ever subscribed to on KZbin. This is perfect.

@PatrickGod 5 ай бұрын

Thank you so much!! Really appreciate it! 😄

@CiaranTeachesCode 6 ай бұрын

This is brilliant! It covers so many types of authentication in such a short video & it's easy to follow along with. Granted that it doesn't quite go in-depth with how the authentication types work properly but it shows how to implement it all, step by step, without any issues! Thanks for sharing this & keep doing what you do. You're helping so many developers/engineers, myself included 😁

@aymaniscoding424 9 күн бұрын

so my project runs on Identity 2.2.0 (deprecated) I migrated my project from .NET 6 to .NET 8 but still my code runs on the deprecated package. it feels scary to update it! I planning to add refresh token with my existing JWT how should I go about it ?

@ViktorTy 7 ай бұрын

I was waiting for this video!

@NecquiTeja 5 ай бұрын

Thanks Patrick for this wonderful tutorial.

@SertuncSELEN 2 ай бұрын

I wasted half a day because I added the wrong library. Be careful when adding libraries!!!

@kcbrown74 5 күн бұрын

Excellent video, as usual!!! Thank you.

@luisedwards3534 Ай бұрын

Thank you man, really appreciate your work!

@don_Halapenjo Ай бұрын

Very useful guide, thank you!

@osamamirza4220 5 ай бұрын

Awesome and informative as always!! 💯❤

@heropoterxd5142 3 күн бұрын

Thank you Very much for this amazing video

@IlyaArlenka 4 ай бұрын

When took some NZT pills and decided to become a developer :) Thanks a lot, Patrick!

@6shawry 6 ай бұрын

Hi Patrick, thanks so much for the video. I just have a quick question, with these new security controllers, is there a way for us to be able to override the default logic? E.g. if I wanted a bespoke /register controller

@thegoatmachine980 21 күн бұрын

You are the best. Thank you!

@TheMezanine 7 ай бұрын

Amazing, Microsoft did a great job with this feature in .Net 8, thanks Patrick for this introduction!!!

@PatrickGod 7 ай бұрын

Glad it was helpful!

@maththaioseleutheriaphilos2320 7 ай бұрын

It’s great, what You are showing here. Could You prepare tutorial how to use new authorisation in Blazor WebAssembly, please?

@hfpsc27 5 ай бұрын

Thank You! Great, simple, eficient. It would be nice if we could see something like a SSO with other API's and/or a Blazor client. 🙏

@user-oj1lf7tl2b 4 ай бұрын

Thank you , Amazing video!

@electrocatalyst 6 ай бұрын

Is there a way to use the new Identity Endpoints without EF? Eg. if I'm already using Dapper for db communication?

@user-md3id9kb8p 2 ай бұрын

Great tutorial!! Thx

@sachinkamboj8426 Ай бұрын

That was amazing although faced few issues like separate DAL and lib version 7.0.11 . But I am able to achieve this with dotnet 8 and Postgress db Thanks

@TheWoodyj007 7 ай бұрын

Are there any examples of this that don't use EF? Some objects templates with something like Dapper?

@astroimagers 7 ай бұрын

Timely. Thanks!

@PatrickGod 7 ай бұрын

You're welcome!

@_rachid Ай бұрын

That's cool. Nice feature. Thank you.

@nasermasri3816 3 ай бұрын

I am watching your tutorial when our baby also sleep:)

@hpannu 4 ай бұрын

Can you please elaborate refresh token concept also. Once access token expires, how to implement refresh token thing?

@user-dr1tm3qt4c 6 ай бұрын

A question, i have implemented it in my API project, but (i'm using controllesr too) i can't find the controller relative to the auth functions, or i have to create a service that inherits from the identity one ?

@souissioussama9485 Ай бұрын

Thank you bro

@LegitoTV 3 ай бұрын

Hi Patrick! This is pretty new to me as I am used to making my own code that does those functions. How do you configure the Register controller? For example lets say I want to also execute some other code when registration happens, or change the password requirements. How can I do that?

@edgardavidaliende9121 5 ай бұрын

Awesome video it's very useful!!!

@scubaaddict 7 ай бұрын

Hi, will this work in blazor 8, be great to see more info on how to implement auth in blazor web app. compared to blazor server and wasm. :)

@xanhxanh5097 7 ай бұрын

please continue this tutorial make a part 2, to integrate it into a spa :D:D

@philipatha 4 ай бұрын

But how does the auth work across separate microservices? That would be good to know.

@Valoo24 6 ай бұрын

Really nice tutorial thanks ! So does that mean that the client doesn't need to handle tokens anymore if everything is handled in the api with the cookie/session method ? Anyway, keep up the good work !

@GraceAnnSalvame 3 күн бұрын

Thank you. I hope you will make Role-based authorization for .net 8 in a web API

@MB-nw5sz 4 ай бұрын

Great video, thanks Patrick. There seems to be one missing piece of the puzzle though. This is great from Swagger, but - when you need to send the cookie (as Bearer), then how is it possible to grab the aspnet cookie - from Wasm especially - to be able to pass it? I can't find anyway from Wasm to be able to grab the cookie (apart from AFTER rendered, via JsInterop which is too late - unless i'm missing something)

@kerpackie 7 ай бұрын

Would you consider doing a video on implementing custom OAuth identity providers in Blazor WASM Hosted, similar to your Google OAuth video, but for non-standard OAuth providers, such as Discord, Battlenet, Github, etc.

@saschaheimann4120 Ай бұрын

Hello Patrick, I'm a huge fan of your videos. I've bought a course on udemy too. In this case the video is nice and helpful too. But it would be good to let people know that using duende identity api's can be a license thema. So if you develop an open source application you've to inform everyone that if you use that application in a commercial context, depending on the size of your comopany you've to pay license fees to duende! I would be very thankful, If you can make a video about Authentication and Authorization without Duendes Identity API's in .NET8. Wish you all the best and thanks for your videos!

@dacamapo 4 ай бұрын

What id colors setup do you use?

@leothlon 6 ай бұрын

Thats nice, but how about when you need to use it in a real world situation with old user database and information? i need to make custom sql query requests to fetch a custom user object that i then need to access from my controllers? i can't just use identity database because my user database is used systems coded 15 years ago

@abdo.magdy. 7 ай бұрын

can we configure it to use phone and otp for login instead of email/password?

@musab.salah1 4 ай бұрын

If i need add custom identity data like AplicationUser i need yo use a custom endpoint? Or there’s a way to do it on the built in endpoint!?

@luisedwards3534 Ай бұрын

Do you have a video of how to customize the /register controller generated by NetCore Identity?

@DevBeginnerU 4 ай бұрын

I came across your informative video on integrating an ASPNET Core API and found it really helpful. I'm in the process of implementing this in a .NET MAUI application. However, I'm facing some challenges in fetching data from the database tables created by the API within the .NET MAUI app. Could you provide additional guidance or resources on how to make API calls and handle data retrieval specifically in a .NET MAUI context? Your insights would be greatly appreciated!

@marciliojrr 6 ай бұрын

Hi, @PatrickGod First, great video! Thanks for that. You told that token isn't a JWT. For professional applications, the mode showed in the video is safe? PS: Sorry for the english. I'm from Brazil, and I'm trying to write without Google Translator to learn.

@FilippoBellei 3 ай бұрын

Same question

@HaeriStudios 6 ай бұрын

Great Tutorial! Would love to see social login next. Dumb question, how do you log out again with a httpOnly cookie?

@user-iv1hf2vn4q 4 ай бұрын

Hi, thank you for your great tutorials. It would be great if you could say how should we customize the register and login APIs. For example, what if I want my user to register with {username, email, password} instead of just {email, password}

@SquidSnipes 4 күн бұрын

What about m2m and reference tokens? Also what about protecting api resources and using introspection to authenticate tokens? Also what about scopes

@xxmaniakaxx9781 28 күн бұрын

Hey is the refresh token working by itself too and refreshes the bearer automatically if it is expired ?

@benechem897 7 ай бұрын

I've learned more in a couple minutes than I did in a full semester. Now, what if I want to generate api key in case I want to give other people access to some data without the need of an account?

@alkmyalcn3275 2 ай бұрын

Hey Patrick thank you so much for great explanation of Authentication Flow with Identity in .NET 8 Web Api !! 👌Can you please explain or make a tutorial with MongoDb version of this one and/or the key points of implementation of MongoDb?

@Alakeks 6 ай бұрын

Hi, Does anyone have a hint how to limit options from this new identity for example to to delete two factors methods endpoint?

@LifeWithSeb99 2 ай бұрын

Is it possible to disable some of those "out of the box" controllers? 2fa for example..

@peymannaji Ай бұрын

I made the settings for Swagger like as you did, but it doesn't send the authorization header. And it only works with Postman. And I would like to ask you a tutorial about role-based authentication.

@cryptoeric24 Ай бұрын

Question, the section on cookies. Is the cookie stored on the server after valid email/password??? I don't see it in the response

@FahadKhan-fq4zw 3 ай бұрын

Hi great tutorial, I followed all the steps but after launching the API I didn't get endpoint like register , login etc. I only have default weatherforcast. Is there anything else I have to do to get other authentication end points. Thanks

@LuizFelipemb 4 ай бұрын

This video save my job! Thanks! hahahahaha

@dogoku 5 ай бұрын

A video about setting up 2FA would be great

@vivekkaushik9508 7 ай бұрын

Great video Patrick. However, I must ask what was the improvement that has been made compared to previous version of dotnet? It'd have been nice if you quickly showed the previous way of doing Auth in dotnet. Great video bdw.

@PatrickGod 7 ай бұрын

Hey! Here's the video with JWTs in .NET 7. Hope this helps: kzbin.info/www/bejne/i6jVpqp-oZh1orcsi=v4pXBo-AIGl1tVuf

@TheLastEmperorXiXinPig 6 ай бұрын

Need some guidance. If I want to use Identity in this way but instead of a password, use a one-time code instead, how could I achieve this, would appreciate any tips.

@nicko9958 Ай бұрын

When should I use Bearer Tokens instead of JWT?

@youngitalo6045 2 ай бұрын

Hi Patrick, nice Video. i have a ask to make. How i change the things, like, the proprieties of register, like. to have a name and more?

@williambraun6593 Ай бұрын

Hi Patrick, is it possible to invalidate bearer tokens created with this method? I am trying to create a logout endpoint for my app but I can't find a way to do this.

@majkel1381 7 ай бұрын

how easy is to configure claims?

@aymaniscoding424 9 күн бұрын

@boluwadekujero1717 3 ай бұрын

thank you for this wonderful tutorial. I am however having issues replicating it fully. Everything works except authorization. I login and receive token. I use the token to authorize the swagger. But when I try to execute the weatherforcast endpoint, I receive the 401 response "Unauthorized" response. I have tried replicating your tutorial twice with different new projects and the result is the same. Please advise. Thanks

@kennethlooney6769 2 күн бұрын

Hi Patrick! I can't figure out how to change the time the token expires from 3600 to something like 30 days. I tried even to ask Copilot but it gives me wrong source code to change it. I even told it that I am using .NET 8. If you could give me a hint how to do it in .NET 8 it be great.

@netrunner1987 7 ай бұрын

So, all of those APIs are ... just part of the packages and no code required?

@mrcoulson58 Ай бұрын

Super tutorial. One question: how can we set the expiresIn value to something besides 3600?

@mrcoulson58 Ай бұрын

Got it. For anyone else struggling: builder.Services.ConfigureAll(option => { option.BearerTokenExpiration = TimeSpan.FromDays(1); });

@golljhjkahsdah2817 3 ай бұрын

awesome.

@imagicd Ай бұрын

Hmn, I don't want the generating authentication register/login. I have the table User in my database, how to use it for authentication?

@warrock0009 6 ай бұрын

Did I miss something where we are setting IssuerSigningKey?

@GregsonJamesMedel Ай бұрын

Hi Patrick, New subscriber here. May I ask, how to do this using google or microsoft authentication?

@guilhermealmeida194 6 ай бұрын

Could you make a tutorial on how to implement this API in a website with a login/register form please. Thanks

@sandanuwan4441 7 ай бұрын

Hi, can you add these codes to git and provide the link in the description.

@moatasemkremed5395 4 ай бұрын

How do you scaffold identity API Endpoints

@kirillzlobin7135 3 ай бұрын

You did not install anything to use IdentityDBContext. Is it a built in thing?

@AdharshMk96 5 ай бұрын

What is the content of the cookie ? Does it store some session in database ? Its not jwt, what is it ?

@MrRuffythemonkey 5 ай бұрын

it is in the Application memory.

@ahmedhafiz2419 23 күн бұрын

I cant believe there's no official template with this or even an official documentation. Thanks. I have to watch the video with sound, but how do I add JWT functions to this app?

@geepy5708 4 ай бұрын

How do you change the time the token expiresIn, it is 3600 by default. Also can you add roles using this method?

@orionnebula7167 21 күн бұрын

Asking after 3 months, do you find a way using roles with this method, and is it possible at all???

@bojanmirkovic3564 2 ай бұрын

I am getting this error no matter what I do: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) // why?