This is such a helpful addition. I recently had to build whole identity system and whilst a lot of the heavy lifting was taken care for me by identity, I had to build the endpoints for generating & refreshing tokens, resetting user passwords, etc. This would have saved SO much of my time.
@jessecalato4677 Жыл бұрын
@@ApheliontI'm seriously thinking about this right now.
@eg8568 Жыл бұрын
@Apheliont I'd always recommend against implementing your own solution (and said so to my company!), but they didn't want to pay the license fee for Duende. Anyways, deep diving into Identity/Open ID was a good learning experience for me so I can't complain
@Velociapcior Жыл бұрын
@@eg8568 Azure has 50 000 MAU for free on B2C
@virtualdars Жыл бұрын
You are not alone.
@HarrishSelvarajah Жыл бұрын
@eg8568 Why did you not have a look at dunde ?
@josephizang6187 Жыл бұрын
This is perfect! I think Microsoft should prescribe the right way of doing things and leave it to devs to customize it in anyway they want. Nice video Nick
@Paul-uo9sv Жыл бұрын
November 14, 2023 ASP .NET Core 8, with its much-anticipated features and enhancements, is scheduled to be officially released on November 14, 2023
@araz91111 ай бұрын
Is this thing secure?
@SM-tj4jc4 ай бұрын
@@araz911 No, it is not.
@ExpensivePizza Жыл бұрын
I literally just manually coded something like this a couple of weeks ago. This would have made things much easier. I would love to see more content around this topic on the different token types, how to integrate it with front end frameworks like React and Vue and different backend databases like MongoDB.
@luis1118 Жыл бұрын
Hope the new documentation will be clear about the addition of social login options 😬
@PippiTheLongSock Жыл бұрын
I would love to see how well these endpoints could be customized. For example, what if you want to have some custom fields when registering a user (first name, last name, etc). How can you modify the request body? You also need to override the underlying implementation of the given endpoint. Suggestion for you Nick: When all of the new improvements to the way we deal with identity are finally released in dotnet 8, can you create a full course on what would be the modern/recommended approach of working with identity. Because over the years there have been so many ways and it really has become confusing (especially for a beginner). Also, Microsoft have been pushing the Identity UI MVC (or was it actually razor pages, idk) built-in capabilities, which for me was a mistake as the industry is really moving away from the MPAs. I promise I would be the first to buy this course :) Edit: You can even collaborate with Anton from RawCoding because as you know he is very passionate about auth
@10Totti Жыл бұрын
Exact!
@jomama55ful Жыл бұрын
I have to agree. My learning experience with auth was painful at best and has led to a lot of confusion as to best practices. In the end I found using third party solutions was less painful as a rule.
@mateuszkaleta1495 Жыл бұрын
That's the point
@1dfe-4e68-bd9f Жыл бұрын
yeah! it's like a marketing feature😅 this is for programmers who like to compare programming languages by writing helloworld application )) loook, in python enough "print('hello')" in c# it needs so many codes like (class program { static void Main(string[] args) { Console.WriteLine('hello'); }😂😂
@elpe21 Жыл бұрын
I guess you have to scaffold the endpoints and do what's necessary. Additional fields most likely is just a matter of adding properties as those endpoints will work on T where IdentityUser
@virtualdars Жыл бұрын
This is great! In this example the protected endpoint resides on the same Auth microservice (with RequireAuthorization()). Nick, can you please show us another sample of the separate API service that performs validation of the access tokens issued by this Auth service? Thank you!
@drrd51456 ай бұрын
Would love to see that! I'm looking for an example in .NET8, where I have a service that is used for login/token authentication and other API (separated service) that will use the token to call the service. Looks like any example assumes that the services API are the SAME as the authentication API.
@elias.mantzorosАй бұрын
Any new about that? I'm interested to learn how can you seperate auth logic to different API from business logic API
@jeffbarnard348 Жыл бұрын
This is great for small projects, but it's not OAuth2.0 and OIDC standardized. We'll still need to integrate OpenIddict or IdentityServer for full compliance
@Jared-150 Жыл бұрын
I've been using OrchardCore just for its out of the box OpenIddict.
@TheProTip Жыл бұрын
My other comment got deleted because I linked the repo.. There is code in the Asp Net Core project for handling OIDC flows (including I believe opaque tokens). If you don't need to be an IdP it's all buried in there and you can scaffold out the UI and see the stuff in action via the Razor pages right now.
@shanemonck3225 Жыл бұрын
second this, very correct
@carson84176 ай бұрын
yeah they destroyed the authentication that we actually need
@SnOrfus Жыл бұрын
This is definitely great, and a move in the right direction. That said, in the enterprise, it’s extraordinarily rare to build authn as part of your API like this. You’re almost always integrating with a 3rd party IdP/oidc/saml, and that integration is equally annoying.
@rzaip Жыл бұрын
Yea, I was just thinking if this could replace IdentityServer and came to the same conclusion that this is mostly for single apps that doesn't require oidc or single sign on.
@fifty-plus Жыл бұрын
Finally, I've been using this since it dropped instead of writing a ton of custom code. Very nice.
@hemant-sathe Жыл бұрын
It’s great to see the improvements and also encouraging to see David Fowler replying to questions. Loving it. Is it possible to set up an independent auth server with this to be shared across multiple services? Also does this work with other third party systems like social login and azure Active Directory? Can we map the user with any Active Directory attributes like email, name, groups etc?
@Zenoc2 Жыл бұрын
+1 here wondering whether this can be used with an independent auth server for multiple services!
@eg8568 Жыл бұрын
@marklnz why wouldn't you call the extension method to add the endpoints? Functionality such as resetting user passwords etc would likely still be needed
@SlugiuesRex Жыл бұрын
Also, are there any improvements in net8 that work more efficiently with Azure Functions ??
@hemant-sathe Жыл бұрын
@@marklnz I tend to favour Azure AD instead of local auth db. Azure B2B can be overkill at times but then you don't need to worry much about the authN functionality.
@luigicfilho Жыл бұрын
For my case, I'm going for another approach, because the token get exposed in the client, any script on the browser has access. This can be a great idea to do a new video about the "backend for frontend" :)
@d0neall_ Жыл бұрын
What approach did you go for? Have a video?
@luigicfilho11 ай бұрын
@@d0neall_ I use the backend for frontend approach, I don't think there is an video about it it's pretty new
@RebelliousCanadian Жыл бұрын
Love this update. Wonder how good this works with Swagger/OpenApi and more clarification between this and a JWT bearer tokens?
@kabal911 Жыл бұрын
Will be seamless with Swagger, they are just endpoints. I’m guess that the difference is that this token is not base64url encoded, and does not contain client readable info, unlike a jwt
@sikor02 Жыл бұрын
@@kabal911I don't see these endpoints in swagger edit: I had to add builder.Services.AddEndpointsApiExplorer(); builder.Services.AddControllers(); I worked on blazor dotnet 8 app and it wasn't included by default.
Жыл бұрын
Looks great I just hope there is enough customization possible and (more important) that the documentation for customization is well written. Are there also razor pages/blazor templates for UI variants of the endpoints?
@cn-ml5 ай бұрын
1:57 like that reference 👌
@brandonpearman9218 Жыл бұрын
I'm always worried about customization with black box magic because it looks simple until you use it in the real world. if I have to work on a system that implements this, how long will it take to figure out how to customize it. For example I may need to send an email on register, or maybe I need extra data on register to setup a relation to another entity.
@benjamininkorea7016 Жыл бұрын
Well, i think the idea is that you can call the API from anywhere in your server-side logic.
@marijnfeijten Жыл бұрын
For one of my projects I was looking into doing this myself and thought it would be a pain to setup. Then I saw that Microsoft was adding this and it looks really cool. Thanks for explaining yet another great topic!
@dyakobaram Жыл бұрын
i wish they also made seeding admin accounts easier with roles and claims. can you make a video about it?
@arjix8738 Жыл бұрын
If by seeding you are talking about creating the default admins, then you can do that before you run the app. You can manually create a scope and get the db context.
@andrewcolleen1698 Жыл бұрын
@@arjix8738that’s problematic if your app is distributed
@z_prospective1608 ай бұрын
this is usually done via a post deployment script. if using ef core migrations you can do this in your db context class.. you can do this in your "OnModelCreating" method via the "HasData" method.
@microtech2448 Жыл бұрын
That's great that it is out of the box now. It would be nicer if it could be jwt format
@jerryjeremy4038 Жыл бұрын
I really like it. Thanks Nick. I hope you create a video about this in full details and features.
@AceSyntaxx Жыл бұрын
I'd appreciate some explanation of how this integrates with other identity providers, Facebook, X etc. This looks like oidc/oauth, but you say it's not JWT, which bothers me. Could you enlighten me?
@kawamustudio Жыл бұрын
Oidc and oauth protocols does not require token to be in JWT format.
@iSoldat Жыл бұрын
Can the new auth changes accept the AD as a user store? if so, how about mapping membership groups or custom AD properties in claims?
@WTHBrou Жыл бұрын
How extendable is it? For instance, doing the classic step to use BCrypt or Argon instead of their default hash implementation? All it leaves is the authorization setup side to do? So far I find it pretty awesome. A huge facade made by Microsoft which certainly solves the complex setup it requires to properly create your own Identity Server. I don't remember how many times I have recalled to the documentation and guides when setting up one of these. Marvelous move done by Microsoft.
@lukegordon4734 Жыл бұрын
Pretty easy to use bcrypt or argon2 with this. You just specify the password hashed singleton for the DI to use (I’ve done this for both already)
@MaximilienNoal Жыл бұрын
Finally ! It was such a headache.
@thechrisgate Жыл бұрын
True
@nepalxplorer Жыл бұрын
Yes
@todorkatsarski7487 Жыл бұрын
I loved that Doug reference. THIS is awesome content.
@EzequielRegaldo Жыл бұрын
Where is the secret or cert? Can we change endpoints names? Can we choose features instead get all or nothing? Can i do an authentication server with this out of the box or integrate this ?
@cjt915010 ай бұрын
Good work. Can you please create a video for custom authentication with cookie/local storage/session storage & without identity
@socomjoy45635 ай бұрын
Need this, too 😲 with some other stuff like persistence (e.g. pressing F5 will log you out in Blazor Server) ... - never found a working solution for this
@jeffjones9502 Жыл бұрын
This is awesome! After setting up auth so many times this will definitely help streamline and make the process easier.
@saicharan1000 Жыл бұрын
I just needed this for what I am building. Thanks a lot.
@victor1882 Жыл бұрын
I wish they had gone with OpenIddict, but I guess they don't want another IdentityServer situation and that it would be a competitor to Azure AD (or Entra, I don't know anymore)
@jjeffh6 ай бұрын
StartingAsync! I think that solves a problem (a dirty background service hack like you mentioned) for me. Thanks!!
@Daanik8 Жыл бұрын
I liked the humor! 😂 But hey Nick, it would be great if you show how to integrate this identity authentication and authorization with keycloak!
@Ballebone Жыл бұрын
Ha! I was going to beg for the same thing! All of our apps require KC use. Scopes and refresh are an added bonus!
@KobeBlackMamba245 ай бұрын
Perfect…just perfect. .Net really stepped up their game
@KobeBlackMamba245 ай бұрын
As usual
@GlebWritesCode Жыл бұрын
Really helpful. Is there an option to get this working so that Identity endpoints are not in minimal API fashion?
@allothernameswherealreadytaken Жыл бұрын
Fantastic! I wish they had implementet the passkey auth though.
@souleymanembengue5989 Жыл бұрын
Good but It would be better to implement standards OAuth and OIDC but Microsoft does prefer to sell Azure Active Directory...
@alex.semeniuk Жыл бұрын
Nick, you are doing a great job! Keep it up.
@btogkas1 Жыл бұрын
What would be nice to have would be 1. Invalidating the token (one login, locking the user) 2. Ability to see online users. 3. Dynamic ACL based on user rights - role rights
@ryanobray1 Жыл бұрын
I think this is great simplification. I do have some questions though. First, is it safe to assume that .net 8 is using data protection under the hood for managing the certs used to mint the JWT? If so, is the only out-of-the-box way to implement this in such a way that it's cluster safe, to enable sticky sessions on the load balancer? I could see that becoming problematic with long living tokens though. I'm curious to know the best practice for implementing this in a cluster because unless Microsoft has added more options since I dug into it deeply, data protection isn't all that easy/reliable to implement in a cluster without just using sticky sessions. I once wrote my own SQL server solution for hosting dp keys, but it was difficult to avoid timing issues. I had to use locking techniques to prevent failures when all nodes in the cluster were spinning up at the same time. I had to role my own because the MS sql server dp provider didn't properly handle that very concern.
@davidfowl Жыл бұрын
1. It is using data protection yes. 2. The token is not a JWT, it's a different format. 3. If there are still timing issues with data protection providers, we'll need to fix them, these tokens are on top of that subsystem.
@ryanobray1 Жыл бұрын
@@davidfowl Thanks for the response. I did catch in Nick's video that he said they aren't JWTs, but then the tokens in the login response looked a lot like what you get back in the OAuth OIDC client flow, so my brain went to JWTs. If I remember correctly, the easiest way to recreate the SQL Server DP provider timing issue was to stop all the nodes in the cluster, delete the DP keys from the database and then start the cluster. In my case, I was using Cloud Foundry with an app that I scaled up to something like 10 nodes. Even though I know the DP subsystem has some level of control around how nodes handle key rotation, I wanted to see what would happen if multiple nodes in the cluster were trying to create new keys at nearly the same time. The result in my test was that some nodes ended up with different DP keys than others because the SQL Server DP provider doesn't do any locking, which I believe could be necessary. The DP subsystem tries to get a key from the provider and if it doesn't exist, it tries having the provider write/save the one and then calls the get method again. If multiple nodes fail to get a key (because a write/save hasn't yet completed), each of those node's write/save key method will be hit, which can result in some nodes having different keys. It's pretty fringe case but was still concerning enough for me to write my own SQL provider for DP.
@Paul-uo9sv Жыл бұрын
That's great video. Thanks. November 14, 2023 ASP .NET Core 8, with its much-anticipated features and enhancements, is scheduled to be officially released on November 14, 2023
@TaiNguyen-gb1pr Жыл бұрын
Great video! How to customize register endpoint, because maybe we need more field, ex: phone, avatar...?
@nickchapsas Жыл бұрын
Simply add the field on the user object
@uflidd Жыл бұрын
That was just a ton of tables and magic 😮
@mrkjartanvalur Жыл бұрын
Is it possible to override e.g. the login method for custom logic like logging or add custom claims
@jasonsteelj Жыл бұрын
It's a nice step, but they need a full example of authentication with SPAs, one that doesn't involve identity server/DUENDE. I don't need a whole identity server. I just need login on the local app.
@TheProTip Жыл бұрын
Cookies are the way, it's not clear to me from this short overview that it's setting the cookies though. I know that David knows that though based on the GitHub issue, so it probably has support for setting cookies in there some where.
@ZimTachyon11 ай бұрын
You deliver excellent and relevant information which helped me a lot. Thank you.
@AhmedAymanM Жыл бұрын
7:39 I love how you roasted microsoft, which created this auto refresh token generation, in 2 seconds 😂😂😂😂
@rogeriobarretto Жыл бұрын
Is a great step forward. But the must annoying thing for me is the dictatorship on how my Authentication Tables needs to be setup (migrate). It is very common to change a new project where there's already a Database Model in place, some simple scenarios where there's only a Users table with Email and Password. Would be great if we were able to setup the Authentication in that Stupid Simple Lean approach (where you could specify what is the table and how complex you want your authentication to be, (include refresh tokens, hashed passwords, etc)
@davidfowl Жыл бұрын
You would want the auth system to work with any database schema? Or would you augment the schema for the identity system? I think a better solution would be to provide more building block when the database schema is fixed. Another option is the use the identity schema as standalone and link it to your user table via foreign keys.
@dave7038 Жыл бұрын
Yup. Most of the systems I work on are 20+ years old and we don't have a lot of flexibility to update user stores (they are accessed or managed by many other systems). I have yet to work on a project where the built-in auth schemas are used. The direction I took was to create a class implementing Microsoft.AspNetCore.Identity.IUserPasswordStore and IUserLoginStore and a class implementing IRoleStore that I register as singletons and that handle interfacing with our user and role store (which in some cases is just an INI file with some username=scrambledPassword pairs under either [admin] or [user] keys), and then services.AddIdentity() connects my custom user and role stores with the identity system (I could probably also use the .AddRoleStore(), .AddUserStore() extensions on .AddIdentity()). We don't usually need the other features due to the nature of the systems we're working with, but implementing the stores for tokens and claims is similarly straightforward. That seems to work well, is very flexible, and fairly painless to set up. It would be great to have some guidance on how (or when/whether it makes sense) to integrate some of these newer options with custom stores that have limited feature sets.
@keesdewit19827 ай бұрын
@nickchapsas Please note that the default implementation of IdentityUser (used in this video) uses a string as Id which turns into a NVARCHAR(450) as primary key. This is terrible as it will lead to fragmentation because they don't insert records in a sequentially increasing order. This can lead to increased page splits and fragmentation within the database, potentially degrading performance over time as the database grows. To solve this and turn it into (for example) a integer primary key, the MyUser should inherit IdentityUser and the DbContext should inherit IdentityDbContext This will turn all primary keys into incrementing integers which are inserted in the right order.
@blackpaw29 Жыл бұрын
Really interesting, much more than I was expecting. Do you know how difficult it would be to link to an existing user database, rather than creating one from scratch?
@LordCoon1593 ай бұрын
It looks great and spent so many hours with identity in last few years. However, one of the thing which i am still missing is some kind of the way to invalidate at least refresh token. This basic behavior is simple but it still require additional work from us. I always implementing logic for validation of user every time when you use refresh token and also logic which is validating users in database at least once in every 5 minutes. My reason is that I am mostly working on closed systems where it's really important to kick users out of system almost immediately when admins decide to remove their right to be there.
@parlor3115 Жыл бұрын
Does it support storing the user session in the database in case the token needs to be invalidated?
@allenn9068 Жыл бұрын
Great intro to this new feature. Echoing questions about generating and customizing UI for AspNet, Blazor, or SPA frameworks. Wondering if there are templates to start with. Looks perfect for a simple personal web site that has auth for an admin area or customer/client features. Wondering if it can be used for a Generic Host as well as for a Web Host. Will have to try it. Looks good!
@SvdSinner Жыл бұрын
How it will work with an enterprise identity server like Auth0?
@jesperkped Жыл бұрын
Can you show how to do it from a blazer wasm client calling the API?
@haxi52 Жыл бұрын
Would like to see what happens when you start filling out the user class. Does it support complex types?
@nickchapsas Жыл бұрын
Yeap
@viniciusmelquiades Жыл бұрын
C# has changed a lot since I last used it. If I ever go back to backend, I'll probably use C#
@LifeWithSeb998 ай бұрын
What's really helpful! What should I do if I don't need some of the endpoints? For example my API won't use 2 factor authentication
@hevymetldude Жыл бұрын
Love the Doug DeMuro cameo.
@nilswierling5899 Жыл бұрын
Hey! What do you think about CQRS Pattern with EF ? Any experiences on that topic? And is there maybe a Video comming from you about CQRS?
@ManuelPerez-cn2fj Жыл бұрын
Loved the "except for Microsoft" comment! xD
@AntiPolarity Жыл бұрын
Hoping that they will integrate it into blazor
@sokoo1978 Жыл бұрын
There will be a new scaffold for Blazor in .NET8 RC1.
@sokoo1978 Жыл бұрын
@@marklnzIt will be obviously server rendered.
@felipepassion Жыл бұрын
thanks u.u @@sokoo1978
@felipepassion Жыл бұрын
you can try with webassembly. i was working with .ney7 with duende, ait it was a nightmare. then i can think now to replace the replacement that i used to replace duende 1 year ago in my server side. It's all about the server side. it's obvious.@@marklnz
@sokoo1978 Жыл бұрын
@@marklnzI think you misunderstand.. RC1 will be able to create you the client template like MVC did before. It will have the basic functionality and pages/components to register, login, have the basic header with the auth and user info. In many applications this is actually good enough, like intranet apps where Windows user is not applicable. The logic is all server side (like hosted WASM in current version).
@ethanford9678 Жыл бұрын
Love the Doug DeMuro reference :D
@systemslave510 Жыл бұрын
Now how to make it work with dapper?
@aslanamca8225 Жыл бұрын
Why not JWT?
@bitmanagent67 Жыл бұрын
This shit is still complicated. We would have never figured this out on our own. MSFT consistently convolutes approaches because they have this spaghetti against the wall mentality of refining features. Back in the day we used to have property panes and dialogs to configure options. The changes were made in the background for you. Now they basically said fk you to powerful tools and followed the rest of the open source community down the "type all your setup and config into a file" rabbit hole.
@CryptoWulfApp Жыл бұрын
This scenario is only intended for when your service also functions as an auth-service and not when you use an auth-provider like Azure AD/Azure AD B2C, right?
@sikor02 Жыл бұрын
adding few social login providers and merging that with local account would be nice. But I guess the 3rd party integration requires redirection at some point so no single API call will handle this, right?
@kabal911 Жыл бұрын
This already is supported. If your identity username is the same as your social username (usually email address) then you can login with either. If they have different usernames, then you would need to do something to allow an authed user to then link a social account - which I haven’t tried, but should be simple enough
@dukefleed952511 ай бұрын
...a step in a right direction! Previous "web" authentication/authorization from Microsoft was very wrong. This is something better, but there is still a lot to improve. See, authentication/authorization can be done in a lot of different ways, the lack of usage of interfaces and also the fact that appears to be "all or nothing" is still quite wrong. A problem like authorization/authentication should be treated as much as orthogonal problems as possible. This requires a very profound redesign, and even if the proposed solution is very handy in simple scenario, i dubt it can be adopted for advanced things (imagine a system where the grants are added to the user and the UI have to respond in near real time using a gRPC channel with JWT bearer and an event sourced database as storage.... i dubt this thing could do it)
@ARumGremlin Жыл бұрын
I would love to see a video on how to lock down an API with Azure AD authentication. I just went through the horror of doing it myself and the documentation for it is woefully confusing.
@SaltySquirrel12 Жыл бұрын
+1. Would like to see this in action with Azure AD
@hemant-sathe Жыл бұрын
Normally you would have to create an app registration and provide the client id, tenant id & secret. Then you set it up for a 302 response instead of 401 and you are mostly done. Postman documentation is also decent to explain how to set it up and how to add the postman return url in the app registration. The set up for an app like angular can be messy though. I find having our own UI for login more complex to set up in a typical SPA + API scenario.
@aremes Жыл бұрын
it seems to me like this system is entirely designed for when you want to provide your own user-management/authentication solution. With AzureAD (or MS Entra, now, because i think Microsoft has a renaming-things fetish) you dont have to do any of that, You use good old OAuth2 with maybe a little OpenID sprinkled on top. And that stuff will *always* be confusing. I've implemented it, I've taught it, I've written documentation for it and trust me: "Simple" and "Authentication" just dont go together. You just cant secure an API using *any* identity provider without some serious requirements introspection (i.e. what clients do you want to support, what level of security, where does your config live, etc.
@fabiolune Жыл бұрын
Totally agree. In my (could be limited) experience, it's rarely a good idea to create a custom authentication system. On top of security, there's also a huge amount of regulation compliance that can easily become a nightmare. So, while I appreciate the effort, I don't think I will ever use it in this way: better to rely on some authentication provider using a robust standard.
@eg8568 Жыл бұрын
I recently did this for a client and automated it via IaC / Bicep files. The documentation for both was dreadful and made it doubly confusing, I feel your pain.
@88spaces9 ай бұрын
They removed the pain from setting up bearer tokens. That alone is worth using it.
@xanhxanh5097 Жыл бұрын
Nick could you make a dometrain video on this how to set this up with react/angular and signing in with a social media account.
@_curtman Жыл бұрын
Can't wait for .Net 8 to be released.
@OldShoolGames Жыл бұрын
Hey Nick, could you please make a video on limiting the bandwidth per user for file downloads in ASP ?
@antonmartyniuk Жыл бұрын
Wow, that so much code I was writing before. It's so great. I wonder if any endpoint can be overriden with custom behaviour? And does this out of the box support refresh tokens if the same user is logged-in with multiple devices?
@keithealanta7790 Жыл бұрын
That's really useful. I wonder if there's an easy way to get it to use JWTs by default (I'm sure it's possible to rewrite overall, I'd just love to be able to set a flag for that, as we use JWTs in the rest of our system, and it would be ideal to maintain compatibility/)
@leoravilo2812 Жыл бұрын
Oh god... I waited for that for so long... Finally !
@drewkillion2812 Жыл бұрын
I wrote many of the endpoints myself. I'm a happy I don't have to do it anymore
@JKhalaf Жыл бұрын
Can you please do a video on how to setup .NET 8 with AWS Cognito with the Blazor auth scaffolding pages?
@myhjrhfgnb Жыл бұрын
Saves devs setting up many things, that is a boom
@shahzshafie Жыл бұрын
very helpful.. would like to know how .net8 can be integrated with a 3rd party IAM provider like Auth0...
@arkadiyshuvaev Жыл бұрын
I like the advice regarding EF Core 8 at 2:57. How can I reduce the cold start of EF Core in a serverless application? I have used the Debug mode and seen EF Core context initialization messages. The context initialization took 800 milliseconds per each cold start serverless invocation.
@danku1013 Жыл бұрын
Is it possible to use JWT with that approach?
@aweklin Жыл бұрын
This would be the first time I'm hooking into the built-in identity API. This is indeed a game changer. Thanks Nick
@TonyKenny-u5h Жыл бұрын
This is a great iintro, thank you, but where is the signout URL? I can't find it in the source or the documentatioin
@TheMeatySurprise Жыл бұрын
Now they just need to fix the authorization framework to allow for parameters to be passed in the Authorize attribute so you don't have to define dozens of schemes to support different required claim values. That would be great
@RasulAbuMuhammadAmin Жыл бұрын
Looks great. Wonder can I do the same using JWT token.
@JoeLizFamily4 Жыл бұрын
Can this be connected to an outside service like Octa?
@lucaciandrei6 ай бұрын
Do you have info / video on how to set this up properly as a JWT? Is this also out of the box (configuration only)? Or should we add extra code for that?
@atur94 Жыл бұрын
That is so freaking awesome. Finally
@tanglesites Жыл бұрын
This is a game changer and such a time saver!
@mightypirate10011 ай бұрын
Thanks for the video. Question: How to customise the register and login endpoints to accept user id instead of email? Thank you
@Spirch Жыл бұрын
so i guess i will spend time at work to see if this can do what is missing in azure B2C, OBO / web api chain api
@benjamininkorea7016 Жыл бұрын
I don't understand. Are these API endpoints only accessible from onsite? What's to stop someone from batch-creating a million accounts using the register endpoint?
@TechBuddyTR Жыл бұрын
Is it in purpose the picture at 01.57?
@z_prospective1608 ай бұрын
I like these features.. however, I think it is better practice create an centralized identity management solution that many apps can consume.
@Silentsouls Жыл бұрын
What about B2C integration ?
@HMan282827 күн бұрын
Hey Nick, I would REALLY appreciate a follow up on this video for how to setup identity without a database... I have an application where I need to authenticate and get user data from a third party application using a REST service. It used to be really easy in .NET 4 to create a custom user storage provider that would call a REST or SOAP service to obtain or update user data, but I have been struggling real hard trying doing the same in a Blazor SSR application, and let's just say the documentation really isn't straightforward at all... Standard solutions do not work, because I do not need to actually connect through a third party OAuth endpoint. What I need to do is query an external ERP product that contains the user data (through customer contacts for example), and use that data to authorize users in my external .NET 8 app.
@therealdebater2 ай бұрын
Yep. The only thing that really strikes me is that MS should have done this about 20 years ago :-)
@hananiahlinde1377 Жыл бұрын
My favorite part 7:40
@muzammilghani2492 Жыл бұрын
Great video Nick 👍🏻
@KonradGaska Жыл бұрын
Just wondering how often would you really use it? In majority of current applications identity comes from external identity providers and you don't have to bother with stuff like user registration, etc. It is still cool that this was simplified though.