@bwzffgh7 2 years ago
Thank you! That was the best one I've seen yet on this topic. All of the others are either impossible to follow or just fly through it so fast, they skip over their boilerplate code that we're supposed to have or type something so quickly and jump off the screen, we have no idea what they just did. There is ALWAYS something they have pre-installed and just assume we have it too. You are the first one that didn't do that.
@mauriciomello-k2n 1 year ago
Hi Patrick, how are you? I hope all is well with you and your baby! I'm from Brazil and thanks to your tutorials, I got my job as a Junior programmer, I thank you from the bottom of my heart and I hope one day to thank you in person. my dream is to visit the USA. and once again thank you very much God bless you!
@PatrickGod 1 year ago
Hey Mauricio, thanks for the awesome feedback! I'm really glad to hear my tutorials helped you get a job. That's amazing! Congratulations! I'd love to chat. Feel free to email me at mail@patrickgod.com. Good luck with your programming journey! Take care, Patrick
@lukalcalde 2 years ago
Thank you!
@PatrickGod 2 years ago
Thank YOU so much! Really appreciate it! 😁
@samjakrishnan6969 2 years ago
You are my .Net 6 Web Api teacher!! Thank you Patrick 👍
@PatrickGod 2 years ago
Wow, thank you so much! 😊
@PatrickGod 2 years ago
▶ [Part 1/4] .NET 6 Web API 🔒 Create JSON Web Tokens (JWT) - User Registration / Login / Authentication: kzbin.info/www/bejne/rGjUZKN7gJZ4d5I
▶ [Part 2/4] .NET 6 Web API 🔒 Role-Based Authorization with JSON Web Tokens (JWT): kzbin.info/www/bejne/inW8kHeqiaqem9U
▶ [Part 3/4] .NET 6 Web API 🔒 Read JWT Authorization Claims of a User (from a JSON Web Token): kzbin.info/www/bejne/nJm6ep6Ye5Zroq8
▶ [Part 4/4] Refresh Tokens with a .NET 6 Web API 🚀: kzbin.info/www/bejne/fnislXSkZ81reKM
@CharlesBurnsPrime 2 years ago
One video that I haven't come across but which would be useful to many is an elegant way to handle cross-cutting concerns in WebAPIs, for example, without having a ton of code in, or called by, the controller. I don't think that the decorator pattern applies well to Web APIs, unfortunately. The cross-cutting concerns I can think of (I am sure there are more) which might apply to a web API include:
- Logging
- Caching (memory, Redis...)
- Performance timing
- Authorization
- Authentication
- Validation
- Exception handling
- Auditing (e.g. Log the jsonified parameter object)
- Debounce
- Rate limiting
- Duplicate detection
- Retry
- i18n?
- Transactional processing
- Fault tolerance (e.g. Circuit Breaker pattern)
- Persistence
- Real-time constraints
- Synchronization
@moshiurshohel 3 years ago
Thank you Patrick, Waiting for the policy based also
@amarildopena9853 2 years ago
Patrick, your videos are REALLY clarifying! Very nice job.
@PatrickGod 2 years ago
Happy to help! Thank you so much for your feedback! 😊
@rodrigo6459 2 years ago
ABSOLUTE PURE GOLD!!!!! Thank you for this video!
@PatrickGod 2 years ago
Thanks so much for your feedback, Rodrigo! Happy to help! 😊
@deja00 2 years ago
Great stuff. I am working my way through your Web API Authorization series, and I am learning a lot. I really like that you break down the different parts to use JWT, so we really come to understand how it works. Best wishes to you and your family. Nice thing to get a little peek into your life too.
@PatrickGod 2 years ago
Thank you so much for your kind words, Rune! Appreciate it. 😊
@thatgamingfreak 2 years ago
Thanks. This video really helped me out at work when documentation was failing me
@bernardodomeneghetti9673 1 year ago
Man, you just became my netflix, i watch more of your content than any other thing haahahahaha great stuff, congrats for such a good job
@PatrickGod 1 year ago
Wow, thank you so much! Means a lot to me! 😀
@raphaellukas3328 2 years ago
Another great video, thank you very much for it :-)
@mtranchi 3 years ago
Binge-watched these two vids this morning for breakfast, think it was this one where you weren't too happy with the new intellisense. Me, sometimes it's bad, sometimes it's right on, sometimes it's half on. it's annoying when it's half on because me, wanting to save keystrokes, i have to do a mental calculation between tabbing into it then correcting it (e.g. it's suggesting IF(ENTITY != NULL) when i want == ) overall, with my typing style, it seems neutral as far as keystroke/time saving, so am putting up with it because i know MS will fine tune it. also, the great escape!! Lol, if it's annoying you, you can always hit the "esc" key and it will let you do your thing without offering unsolicited advice. Lol, that's what it is right? That annoying friend hopping around your feet that, halfway through your statement of intent, eagerly interrupts you with, "you know what you should do right?" (Then the annoying friend clouds your mind with a bunch of grey letters, lol) anyway, i thank you for these vids because as of .net 6, when one creates a new ASP.NET Core hosted Blazor Webassembly app and enables "Individual Accounts", it pushes in this... not gonna look it up, the point is, it comes with a license agreement that it is free for small-time schmucks like me--FOR A YEAR. Then what? since 2008 when i started with the MS tech stack, security was always an annoyance for me--though an annoyance i had to get right. (They've changed it so much... gah, that in itself...) i wanted to focus on my intent, not implementation details of system.yadaYada.cryptography! now i must, which is where you come in hoss. i don't like spending good money on sh*t that i could have googled myself. With your upcoming .NET 6 Blazor WEBASSEMBLY (I hope) course, will the solution begin with a standalone blazor webassembly app, a back-end web api app, and how to connect them along with how to do authentication/authorization WITHOUT using any third party middleware that might want to charge money? 
gotta admit, i'm hesitant to spend money on "courses" because i've generally found them disappointing. I'm self-taught (and yes, brain-dead), but often the courses are beginner's sh*t, no real-world examples, and overall, gah! I feel like i got screwed out of the first month's subscription (which of course i promptly cancelled) i just might do your Ko-Fi thinga-McJigger for these youtube vids, but constant (sometimes annoyingly so) references to your course... i'm hesitant. Not because of you, but because of your progenitors. with love and support, me
@ahmo4781 2 years ago
The JWT series is super helpful. Thank you very much for your efforts!
@chiraglathiyachiraglathiya 3 years ago
Hi Patrick, Looking forward to your next course.
@PatrickGod 2 years ago
Thank you!! 😊
@lexxluey 3 years ago
My .NET power is now over 9000!!!!
@PatrickGod 3 years ago
This is amazing, thank you! 😂 The Dragonball reference is actually a really great idea for another tutorial. 😁
@OmPrakash-rs4jm 2 years ago
Hey Patrick! I'm from India, it's a really helpful lecture. Thanks a lot.
@PatrickGod 2 years ago
Glad I could help! Thanks for the feedback! 😊
@unjordi 3 years ago
Thanks for all the Blazor!
@PatrickGod 3 years ago
Any time! Thanks for your feedback! 😊
@vikassaxena1560 4 months ago
Thanks Patrick, Awesome
@PatrickGod 4 months ago
Glad you enjoyed it! 😊
@ravb.7700 2 years ago
Your oAuth tutorials have been extremely helpful. Thank you very much :)
@RongMilon 3 years ago
You are awesome Patrick.
@PatrickGod 3 years ago
YOU are awesome! 😁 Thank you very much. 😊
@ades3967 2 years ago
25:45 - said like a true developer 😆. Stay curious! Great series on JWT Auth Patrick, thanks!
@PatrickGod 2 years ago
Well, sometimes you gotta do what you gotta do. Would have checked it anyways after the recording. 😄 Thanks for your feedback!
@Inbarasan16488 2 years ago
Very clear thx for uploading,👍👍👍
@PatrickGod 2 years ago
Most welcome 😊 Thanks for your feedback!
@cameron7303 2 years ago
Your videos are always my go to, thank you!
@danielviberg5 2 years ago
Well demonstrated, thank you for taking the time to explain it 👍
@PatrickGod 2 years ago
Thank you so much for your feedback, Daniel! Glad you like it. 😊
@rajneeshrocks2977 2 years ago
I was struggling with that kind of authorization. Thanks for it. You are coding Thor... 👍👍👍
@matiowsshimeliss6726 2 years ago
You're the best Patrick :) Thank you
@PatrickGod 2 years ago
Appreciate it. Thank you so much! 😊
@mohammadrezakarimi818211 months ago
U R a great Teacher
@devloopers8380 1 year ago
Ok i am getting ready for some international job, more to practice, thanks to this God
@ugempireninjaaaaaahatori6755 10 months ago
Great content i have followed your JWT token and this video both are amazing
@01pedro02pedrinho03 2 years ago
maan I love ur channel and tutorials, very thanks for the lessons!! u'r great
@PatrickGod 2 years ago
Happy to hear that! Thank you so much!
@josephcorbett7805 2 years ago
This was really good! Thanks for making it
@PatrickGod 2 years ago
Glad you liked it! Thanks a lot for your feedback! 😊
@jaimeeduardo159 2 years ago
Great video, but how can I implement this if the role comes from a database? and it is not in the bearer token
@honeybadgernz 2 years ago
Thanks for the great videos, exactly what I needed to configure JWT for my new API
@PatrickGod 2 years ago
Glad to help! Thanks for your feedback! 😊
@kubrababacan-op3eq 2 years ago
I think I will write the whole project thanks to your videos 😅
@LonewolfNSP 2 years ago
Really great video. Thank you so much.
@PatrickGod 2 years ago
You're very welcome! Thanks for your feedback! 😊
@danielpelissari7539 2 years ago
Thanks for the video, greetings from Brazil.
@nicolass8941 2 years ago
Another great course !! Well explained
@PatrickGod 2 years ago
Thank you so much! 😀
@olepatheonlyone 1 year ago
Anyway, thank you for this tutorial, it worked very well! Just one more question: is there any way to decouple, let's say, the token role claims from the role names? What do I mean, for example, instead of a string value for role, the User table might have a foreign key RoleId, with the roles specified in a separate table; so, the JWT token might have only that number, with the server then doing the mapping between the role strings specified in the attributes and those role IDs. Or is it not really a common practice in actual systems and I might be better off just, as here, fetching the role name from the database and just putting it into the token?
@shauncs 2 years ago
Thanks for the great video..! 😍
@PatrickGod 2 years ago
You're welcome 😊 Thanks a lot for your feedback!
@shermatovs 2 years ago
Thank you for this video. This helped me a lot. Actually I was given a task exactly on this topic, and I found this tutorial helpful 😊👍
@KevinAllenPerezBaires 2 years ago
Thanks for this video!
@PatrickGod 2 years ago
My pleasure! Glad it was helpful!
@biradarsm 1 year ago
Thanks a lot Patrick for clearly explaining each concept with practical solution. It really helps us understand the concepts in depth, Much Appreciated Efforts. Bible for Interested Developers
@aucancelacarlos 2 years ago
thanks Patrick, u have a new subscriber.
@PatrickGod 2 years ago
Awesome, thank you!
@truongo6388 1 year ago
why i do the same as you but i always get 401 error, anyone like me?
@EnrichoDRapar-xz2jp 1 year ago
Great stuff, thanks 👍😊
@brunopocay780 1 year ago
Firstly, excellent tutorial, u are the best! But let me ask something: if I do not need the role based authentication, can I simply jump from this video to part 3, or do I need to watch until the Add SwaggerUI Authorization?
@hectorsuarez7 2 years ago
Amazing video. It helped me a lot. Keep it up!!!
@salomon1471 1 year ago
Fantastic video. Now for a question: If i have an endpoint that takes the role "CalendarParticipants". This endpoint allows a Calendarowner to remove a user from the calendar. How can i check that the Calendarowner is in fact ... the calendar owner. Cause the parameters are "CalendarID" and "UserID". So even though i validate that the CalendarOwner is of the role CalendarOwner it doesn't ensure that he is the owner of that specific calendar.
@Atzentan 2 years ago
You're creating awesome Videos. Love coding alongside :-)
@kreativcity 1 year ago
Great Content!
@nguyennguyenhuu146711 months ago
Saved my life!
@-02dmytrokotenko49 2 years ago
So cool
@Mfbzai 1 year ago
Damn Impressive!
@shan5310 2 years ago
Hey. Nice tutorial! Is there any way to put in a variable in the Authorize attribute or do I always have to put in a string manually?
@thanhsonhoang8982 2 years ago
Great video
@luisfernandodeolazabalsche3317 3 years ago
Thank Patrick ;-)
@sundarmanimaran5788 2 years ago
Thank you
@PatrickGod 2 years ago
Welcome! 😊
@Spirittism 2 years ago
So complicated just to add some security lol, good video btw.
@mobiledeveloper5100 2 years ago
Thank you why don't use Postman ?
@shahabjoon201 2 years ago
Hello Mr. God, thanks for sharing. The question is, can you please provide a tutorial about authentication in the Console Application? Thanks in advance.
@EzequielRegaldo 2 years ago
Thank you so much ! I have a question: in Claim properties can we set any prop without MS boilerplate inside token ? sorry if my eng is not good enough :P
@Lomerb 2 years ago
Great video, thank you very much !!!!
@imheretosleep 2 years ago
Hey, just wanna ask if I should add a property called Role in my user model then use that in ClaimTypes.Role?
@PatrickGod 2 years ago
That's totally a way to do it! 😊
@xfelipe98 2 years ago
Thanks Patrick, great video but what if I want to authorize an endpoint for more than one role?
@PatrickGod 2 years ago
Thank you Felipe! You can use multiple roles separated by a comma. Hope this helps!
@Proviper666 1 year ago
After watching video. I have question. When I register - I always get 'admin' role? How can I add at least one more role? So that admin can do all, and guest or noob can just read. This for API with CRUD functionality. Thanks.
@gerardlanphear9185 1 year ago
We have an Active Directory shop. Is there a way to do this with AD without any tokens?
@fdhsdrdark 2 years ago
That's an amazing video! One question please, You mentioned on a comment that the Token is signed with the server's private key (taken from app settings/token). That means that if the same key is used in multiple servers, the same token can be used and will be valid independently of the server handling the request. Is that correct?
@Mortalstefan 3 months ago
Probably stupid question. But in your .net 7 tutorial you set up authentication and login, and in the end you linked this video, which is .net 6 roles. Is it relevant between .net 6 and 7?
@rianbello5445 1 year ago
Thank you Sir to sharing knowledge with us. I have a question, just maybe my knowledge just not to good, but why you put the roles inside that get weather method? The roles get from registration process, in registration page maybe and that on client side and the roles is from what the admin gives. Why not Just put [Authorized] above the [Route("[controller]")] and that just enough?
@PatrickGod 1 year ago
Thanks for asking! I added roles in the 'get weather' method to make sure only certain people can see that info. While [Authorize] checks if someone is logged in, roles check if they have the right to see the data. It's like a double-check for safety. Hope this helps!
@Otonium 2 years ago
It would be also great to see you explaining how to store passwords on Azure Vault or a similar system. Thank you!! keep up the great videos.
@syahmanmohamad1162 2 years ago
hi Patrick, good tutorial. How to implement multiple roles ?
@tech-savant 1 year ago
yeah, I was wondering that too...
@sahildhingraa 1 year ago
completed!
@hujintao6862 1 year ago
Can you make a video about Authorization with one-time password (OTP)?
@rahiyansafin449 3 years ago
Thank you brother!! could you please make a video on Code First Approach Web Api Please ?
@PatrickGod 3 years ago
Hi! We do this already in this video: kzbin.info/www/bejne/fHnbZ3R9i6uSf6c Enjoy! 😃
@isnakolah 2 years ago
Wonderful video. Great content. I have a concern though, if it is possible to decode and view the role, what stops the client, or in this case an attacker, from editing the role to let's say 'admin' and getting access to endpoints they are not authorized to see?
@romanvostrikov6578 2 years ago
The token is signed with the server's private key ("AppSettings:Token" in this case), so an attacker cannot change it without invalidating the signature.
@isnakolah 2 years ago
@@romanvostrikov6578 So, if I am getting you correctly, once signed it cannot be edited? How do signatures work then?
@romanvostrikov6578 2 years ago
@@isnakolah Yes, you can't edit an issued token because the signature is part of the JWT and signature(old data, key) != signature(edited data, key). The user doesn't have access to the key to forge a new signature. The token can be stolen. So you need to transfer it over a secure connection, even if it cannot be edited.
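The signature check discussed in the replies above, as an added example that is not part of the original comments or the tutorial's code. It assumes an HMAC-SHA512 (HS512) signed token, which the thread does not state; the key, the claim values and the helper names are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed demo key (assumption). The thread says the tutorial keeps its
// key under "AppSettings:Token"; a real key must never be hard-coded.
byte[] key = Encoding.UTF8.GetBytes("constructed demo key, not a real secret");

string B64Url(byte[] data) =>
    Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

byte[] FromB64Url(string s)
{
    s = s.Replace('-', '+').Replace('_', '/');
    return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
}

// signature = HMAC-SHA512(key, "<header>.<payload>")
byte[] Sign(string signingInput)
{
    using var hmac = new HMACSHA512(key);
    return hmac.ComputeHash(Encoding.ASCII.GetBytes(signingInput));
}

string Issue(string payloadJson)
{
    string header = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS512\",\"typ\":\"JWT\"}"));
    string payload = B64Url(Encoding.UTF8.GetBytes(payloadJson));
    return $"{header}.{payload}.{B64Url(Sign($"{header}.{payload}"))}";
}

// The server recomputes the signature over the header and payload it received.
// The algorithm is fixed here; the token's own "alg" field is never trusted.
bool Verify(string token)
{
    string[] parts = token.Split('.');
    if (parts.Length != 3) return false;
    byte[] presented;
    try { presented = FromB64Url(parts[2]); }
    catch (FormatException) { return false; }
    byte[] expected = Sign($"{parts[0]}.{parts[1]}");
    // Constant-time comparison, so timing does not leak how many bytes matched.
    return CryptographicOperations.FixedTimeEquals(expected, presented);
}

// Constructed claims: a low-privilege user.
string token = Issue("{\"name\":\"demo\",\"role\":\"Noob\"}");
Console.WriteLine($"original token valid: {Verify(token)}");

// The payload is only Base64Url-encoded, so a client can read and rewrite it,
// but without the key the old signature no longer matches the new payload.
string[] p = token.Split('.');
string editedPayload = B64Url(Encoding.UTF8.GetBytes("{\"name\":\"demo\",\"role\":\"Admin\"}"));
Console.WriteLine($"edited token valid:   {Verify($"{p[0]}.{editedPayload}.{p[2]}")}");
```

In an ASP.NET Core API this check is performed by the JWT bearer middleware when signature validation is enabled; the code above only shows why an edited role claim is rejected.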
@mrasoft7184 3 years ago
As always well explained. 😉 You did show how to add that JWT Bearer token in the header of the HTTP request using Swagger. Can you also make a video (if the video is already there where can I find it?) demonstrating how to add that JWT Bearer token to the HTTP request using code? For example using a Handler etc. Thanks.👍
@PatrickGod 2 years ago
Hey friend! Thanks for your feedback. Sure, that's a good idea for another video. In fact, we do exactly that in the Blazor Bootcamp (kzbin.info/www/bejne/f5-aioaPntiAnpY) within that Blazor WebAssembly App. But, do you mean, making another call in the Web API and setting the Authorization Header there? For instance, with the HttpClient instance? Take care, Patrick
@mrasoft7184 2 years ago
@@PatrickGod I meant the Web API on the server being called by a (Blazor Web Assembly) client. And the client uses for that an HttpClient instance and puts the JWT Token in the header of the HTTP-request for the Web API on the server. In this video it is Swagger that acts as the client (I presume).
@yanaraldaghestani6305 2 years ago
amazing
@oxdan9101 2 years ago
I have a question, if my Authentication API discuss with another Server, the Server must have his proper role ? Or that's not the best way to send messages between my 2 applications API & Server ?
@djanbolotov16 2 years ago
Hey, bro! You are cool!!!
@PatrickGod 2 years ago
Thank you very much! Appreciate it. And you, too!! 😊
@esdegan7176 2 years ago
How about RBAC that role can have permissions?
@Maksultan 1 year ago
does anyone know where in the microsoft docs they explain what needs to be done in the program file? I can't find any mention of exact steps to introduce authorization.
@8294685725 2 years ago
Initially take a thanks
@zeevr.3197 2 years ago
thanks a lot !!!!!
@sorathavithey890 3 years ago
Can you create function base authorization?
@quanghungnguyen3018 1 year ago
thank a lot
@coding-in 3 years ago
Thank you Sir! How to implement jwt auth for controller?
@PatrickGod 3 years ago
Hey there! Just add the [Authorize] attribute on top of the controller class. Take care, Patrick
@coding-in 3 years ago
@@PatrickGod i mean that controller that return View (), not ApiController
@renaudgg 2 years ago
Hi i still dont understand after watching 15 videos what is ValidIssuer and ValidAudience, you put to false both... is that fine?? if not, how do I know what to put in both string???? my API is in Azure with swagger, i dont get it
@AhmedMohammed23 2 years ago
isn't that static user at the top a problem? how is that will work with multiple requests
@bazinga1995 2 years ago
Thanks!!!!!!!!!!
@PatrickGod 2 years ago
You're welcome! 😊
@I-PixALbI4-I 2 years ago
Thanks, I finally understand why my AutZ is not working )
@PatrickGod 2 years ago
Glad I could help! Thanks for your feedback. 😊
@tysonfury3168 2 years ago
Hey man,what to do if it says that your token is invalid when you want to the get request of the weathercontroller api?
@malathip4043 2 years ago
i want to use auth plugin , vue frontend, .net core , mssql for backend, Can you suggest please.
@chizuru1999 2 years ago
Great Video. Can you do a .Net web api with sqlite tutorial?
@ragavr7995 2 years ago
How program.cs webapplication came?
@nove1398 2 years ago
Can you do a video on permissions?
@AliRaza-zy1zk 2 years ago
Just subscribed your channel....
@hongwenli541 2 years ago
Thanks for your video. I appreciate your explanation but I added addAuthentication, but still get the response 200, any hint for that?
@hongwenli541 2 years ago
Can you give me any hint for this asap? I got stuck :(
@hongwenli541 2 years ago
Resolved this one, but why do i get 401 all the time? can you help me with this?