Authenticating Web API Using ASP .Net Identity and JSON Web Tokens (JWT)
Vložit
- čas přidán 27. 07. 2024
- In this video, we talk about how to Authenticate Web API applications using Asp .Net Core Identity and validate the incoming requests using JSON Web Token (JWT).
Buy me a coffee: buymeacoffee.com/foadalavix
Patreon: / foadalaviyoutube
⏱️VIDEO CHAPTERS⏱️⏱️
00:00 - Intro
00:11 - Identity Context
05:53 - Register User and Login
21:30 - Add Authentication
25:17 - JWT Configuration
29:10 - Generating JSON Web Token
38:29 - Testing using Postman
🔔 Subscribe for more tips just like this: www.youtube.com/@Foad_Alavi?s...
Learn how to implement secure authentication for your ASP.NET Core Web API application using ASP.NET Identity and JSON Web Tokens (JWT).
In this tutorial, we'll walk through the process of creating an Identity context using Entity Framework Code First, registering users in the database, and logging them in. We'll also show you how to configure your Web API to use JWT for authentication and demonstrate how to generate a token for JWT.
Follow along as we test our application using Postman.
By the end of this video, you'll have a solid understanding of how to authenticate Web API using ASP.NET Identity and JSON Web Tokens.
GitHubRepo: github.com/foadalavi/ASP.NET
ASP.Net Core Playlist: • ASP.Net Core
#csharp #dotnet #aspdotnetcore #webapi #identity #jwt - Věda a technologie
Actually one of the best guides on Identity and Jwt! Thank you so much.
Loved this video, really insightful compared to watching someone copy and paste code ..
This explanation of JWT and Identity is the best I've found! It's really clear and easy to understand.
Glad you think so!
The best person who displayed this section 🙏🏻
Go ahead man 👍🏻
Keep up the great work. Well done!
I'm from Shiraz, and I'm so grateful for your helpful content. It's been a pleasure learning from you.
Thanks. The pleasure is mine to share my knowledge with my compatriots.
I have been to Shiraz once, and it is one of my best memories.
Excellent Content, and valuable tips, as always; thanks for sharing.
Thanks for watching it.
Amazing video and clear explanation about the topic. New suscriber from Argentina!
Welcome aboard!
You're awesome, man! This is just what i needed. You helped me a lot with this tutorial!!! Keep going :)
Glad I could help!
nice keep it up
Excellent tutorial, Thank you so much.
You are welcome!
Senior Developer indeed. You are just awesome. You know the flow. If I stay with you for 2month my programming life cannot be the same. You know exactly what you are doing. You know it should work and if it does not work you know why it refuse to work. You are a great Boss and I cut cap for you.
I'm sorry for not getting back to you sooner. I was busy with house renovation and got ill after that.
Thanks for the nice words. I will upload more and more videos; hope you enjoy them.
@@Foad_Alavi No problem boss.
Sorry about that sir. I just believe you're strong now.
Can't wait for more of your videos. You've made me addicted to this challenge already and I really thou love it.
That you have provided such wonderful content, kindly implement role-based authentication.
Sure. It is planned.
Thank you for tutorial
best one yet
Excellent tutorial and thanks for the code too!
You're welcome!
thank you so much for uploading such quality content.
Glad you enjoy it!
just Awesome
Super 👏
Thank you sir from Turkey
You are welcome!
Great, keep it up 👍
Thank you
Excellent...Thanks a lot🎯
You’re most welcome.
Do not miss my next two videos in this series. I explained how to use authorization to check permissions.
I hope you like them both as well.
Thank you so much, you make such a difficult concept to implement very simple. I appreciate it
I just had a question regarding adding an employee model with its own set of fields and allow for authentication of that user. (Since it's separate from the Users table generated by the Identity package)
Usually, the identity context is isolated.
I just wanted to demonstrate that we have some other entities there as well. Sometimes, you need to have some other entities or maybe some fields in the user, claim, and roll tables. In the coming videos, about roll and clam-based authorization, I am going to explain it in more detail
Thanks for watching my videos and asking the question
thank you
You're welcome
ty ..!!! i am find a guides for implement in my job
I’m glad that you liked it.
You can check the next two videos of the service I explained about implementing permission check and authorization.
If you like this video, please share my channel.
best
This was an amazing video. Exactly what I needed for my project, and you do such a great job of explaining what you're doing as you're doing it. Do you have a Paypal or some other way I could send you a tip for this?
Hi,
I am glad that you liked it and thanks for the nice offer. The best tip for me is to share my channel with other developers. BTW I have five videos about authentication and Authorization, and in the last 2, I explained how I Authorize requests in my projects. You might like them as well.
There are some things I would improve:
- Your endpoints are not restful... you shouldn't be using actions as endpoints (as /register or /login). a good restful endpoint would be for example POST /auth and GET /auth
- The results for your endpoints should return "Bad Request" only when it's really a bad request... an incorrect login should return 403 Forbidden
hi, how would you name endpoints for with functionality such as forgot-password, reset-password and account lock/unlock?
@@ondrejdlesk9352 [HttpPost("Login")] OR [HttpPost("Register")].
"Could you please explain what the Employee model is used for? I only noticed its presence in the instructional video."
Great video, are you planning one version using azure ad as a jwt provider? Would be great if you make this version. God bless you.
Great suggestion!
I will make one soon.
Hello . I will use asp. net mvc and web api in my project. I need to display the user who is currently online in some views in MVC. After making these settings in the program cs file of the API, would it be enough if I download the identity package to the MVC project?
showing the online users is a bit tricky.
You need to send requests to the server from the clientside every second and notify the server that the user is online
Mainly do it using a javascript timer on the clientside.
Please consider the performance overhead that it will have on your project.
I see many WEB API / JWT tutorials but I struggle tying the API JWT together with the user logging in on a web page and using the same token to limit the web front end.
Do you have any videos tying these together?
I have recorded another video about identity and authorization. You should find what you asked for there.
I need to edit the video first and will publish it by the end of the week.
@@Foad_Alavi i look forward to that, but does it use jwt bearer?
@@jesperkped It does
What about refreshTokens? How'd I handle those, in regards of invalidation?
I have a video about refresh token
How would I use http only cookie to store the jwt ? and use the jwt from cookie ?
Coocke and JWT are 2 different ways of storing the data for authentication on the client side.
My advice is to keep them separate.
Could you elaborate more about why you have this requirement?
Can’t we send these access tokens as cookies?
This helped out a ton with my project. Thanks a ton
Glad it helped!
i have a question if i have a service that i do register and login in there exactly like you said (in Micro services) now how can i use this for other services???
First, sorry for the late response. I was busy with house renovation and got ill after that.
You can use encryption techniques like SHA that let you have a Public and Private Key to share them between the login Service(application) and other services(application).
I will make a video about it soon.
@@Foad_Alavi tnx
Is this something a junior developer should be able to do? Got a hard time estimating at what level stuff is sometimes..
This video is for the Midior level, if you have an issue understanding this one, I highly recommend watching my "ASP.NET Core 7 Authentication and Authorization" playlist
Nice, but is this the only way to do authentication and authentication in a web api? How about cookie based authentication or another method asides jwt
We have some more ways to do it, I have a playlist about it containing 5 videos about them, and I suggest you watch them.
There I explained cookie-based authentication in detail.
but my package like this Package Reference Include="Microsoft. Entity Framework Core. Tools" Version="6.0.16"
Hi Jaya,
i’m not sure if I got your question correctly or not or even if it is a question or not😉
Depending on the target framework that you have, do you need to select the correct entity framework version.
Can I use it like and endpoint to my React app? I can´t do it
Sure,, you'll be able to do it. Just add the authentication key to the request header.
Like this:
key=Authorization, value= "Bearer Token"
@@Foad_Alavi I do it and it’s working, thanks a lot!!!
The explanation is great but , I guess this Identity library for this version is deprecated. am I wrong???
First thanks for watching the video.
You might have a valid point, I prepared this project for one of the workshops that I gave based on .net 5, some years ago and I used exactly the same code for this video.
I will check it and if some libraries are deprecated I will update GitHub repository
And check my other videos about refresh token and how to use other encryptions like RSA for validating JWT.
Pleasure watching your videos Foad. Mine, was just a reminder. I was not even very much sure. Keep going.@@Foad_Alavi
Use "Microsoft.AspNetCore.Authentication.JwtBearer" instead.
Can anyone tell me what is the language used in this video?
The language that I tried to speak in this video is English😂😂
The programming language that I used is C# dotnet.
@@Foad_Alavi Oh Great I haven't ever seen C# syntax So I thought it as Java That's why I posted a comment 😅
But Anyways Thank you @Food Alavi for responding to my comment
Most CZcamsrs won't do such things🔥🔥
35:00 and 36:00
I dont get it. Can you elaborate?
Bro atleast explain sometimes what you are writing, why in so much hurry.
Is it .NET 6 or 7 or even 8? Please, specify
I'm sorry for not getting back to you sooner. I was busy with house renovation and got ill after that.
The concept in this video is the same as in .NET 6,7 and 8.
Thank you, keep it up ❤️