ASP.NET Community Standup - Taking a look at the TodoApi Sample App
Added: 28. 06. 2024
TodoApi is a sample application with ASP.NET Core Blazor WASM, Minimal APIs and Authentication. David Fowler recently updated it to .NET 7 and added lots of new shiny things:
- Route grouping
- JWT auth
- Cleaner integration tests
- OpenTelemetry
Code: github.com/davidfowl/TodoApi
00:00:00 Countdown
00:03:00 Intro
00:04:30 Community Links
00:15:45 TodoApi Sample overview
00:19:00 Token auth and Backend For Frontend (BFF)
00:29:30 Prereqs and setup
00:34:00 ASP.NET Core Identity extensibility and options
00:41:10 Minimal API endpoints and groups
00:44:00 Enforcing API authentication using a handler
01:04:00 BFF implementation and integration with server
01:20:00 Pros and cons of 3rd party identity providers
01:34:00 Typed Results in .NET 7
Community Links: www.theurlist.com/aspnet-stan...
Featuring: David Fowler (@davidfowl), Jon Galloway (@jongalloway) - Science & Technology
I love how there are so many things I could just "borrow" from this app into my own apps based on my needs for each app. Thanks a million for building this and showing how it works and what pieces I can look for ❤️
These kinds of example apps on standups are awesome! Please do more so we can use best practices at work!
Also super interesting to see how the Auth domain is not just a part of the application, it fully drives part of the architecture. Also, the fact that the full show was mainly about Auth concepts proves how hard Auth can be.
Pretty amazing session. Thanks guys!
Would love a part 2 of this!
This is an absolutely outstanding watch. Saving it to watch again later :)
Glad to see a second video on the TodoApi (first one was by Raw Coding, I think). Context is a big part of software design, so it's important to know the context that drove the creator of the API to code it that way.
BFF pattern is especially good with Blazor WASM because it allows using rendering mode 'WebAssemblyPrerendered' with authentication, which is a must IMO since Blazor WASM as a SPA takes noticeably longer to load than JS frameworks. This requires jumping through some hoops but is totally worth it for that instant HTML content.
Lots of good conversation regarding AuthN/AuthZ.
I think the other elephant in the room - besides the reality that not everybody can, or even should, use OIDC - is that some software companies allow their web application software to sprawl across two or more subdomains, instead of using a reverse proxy from the outset and diligently operating on a single domain (or single subdomain).
Suddenly using cookies for authentication becomes untenable because of the CORS requirements.
But cookies have come a long way now, with various security controls around their transmission, and being able to set a cookie in a modern browser that is implicitly transmitted as part of each request is very powerful.
A bit of a shame I think.
Thanks guys
I would like to see a walk through the unit testing part.
Rehash the hash password. I think he just means move the old hash and then once they log in then have the new hash.
You can't just move the old hash. You will never be able to generate it from the PW on a new system.
Please make a real-world app, not hello world. Blazor is no longer experimental.