ⶠ[Part 2/4] .NET 6 Web API đ Role-Based Authorization with JSON Web Tokens (JWT): czcams.com/video/TDY_DtTEkes/video.html ⶠ[Part 3/4] .NET 6 Web API đ Read JWT Authorization Claims of a User (from a JSON Web Token): czcams.com/video/fhWIkbF18lM/video.html ⶠ[Part 4/4] Refresh Tokens with a .NET 6 Web API đ: czcams.com/video/HGIdAn2h8BA/video.html
It is easy to miss because Patrick goes by it so quick @23:00 Visual Studio tries to get you to do System.IdentityModel.Tokens but you need Microsoft.IdentityModel.Tokens as he says but its so quick blink and you miss it and might get stuck. Just thought I would leave this comment for anyone else who is confused why their code isn't working. Thanks Patrick for such a great tutorial!
Bit pedantic but in a production system I would not return "Bad Username" and "Bad Password" as a bad actor can use that information for their gain. Great tutorial as always đ
Nice tutorial In order for jwt token to be practical, you will need to provide a refresh token. Otherwise you will have to login every time you refresh a page.
I have been putting off working on my term paper for about a month because I could not even understand the topic, but thanks to you everything became clear. Thanks dude and greetings from Ukraine :3
I noticed when I create a new Blazor WebAssembly app with "Individual Accounts", the AspNetUser entity doesn't have a "Password Salt" field. I know it used to, I'm just wondering why it no longer does?
hi patrick, if you leave the passwortSalt in the userdto as property, a hacker gets the salt to test from the api at 13:16. and if you have the user as static in line 16, then it will interact with other logins at the same time. right? but i love your tutorial
Thanks Patrick, just had a couple different questions: 1. Is this how it's really done in production? I've seen a lot of tutorials almost all of which refer to the Identity package and external IdP but if your app (i.e. your DB) is the IdP in and of itself is this how it's done? 2. I can't help but strain my eyes seeing that static User instance in your controller, not sure how this would even work as concurrent users would more than likely mutate the same instance ... how would you go about getting a user in the method body i.e. via transient service or http context? 3. What's a good way to deal with 3rd party integrations? I still want to use this methodology to sign in users to my application but I want them to be able to add other social integrations in app to query remote resources. Would I have a table with FK to user, token, and refresh token allowing me to refresh as needed?
Great video, clear, fast and concise. One tip though, since you are using a lot of key strokes when creating the methods, you could save some time when you get to entering the curly braces at the end of the method name, ({}), by simply enter the opening curly brace { and then hit Enter. It will close the curly brace, format them on the next line and put the cursor between the two ready to continue coding. No fiddling with the arrow keys to get back to the correct position. Keep up the good work.
Hello Pattrick, would love to ask if you have a course on yt or udemy solely about EF Core (i.e. regarding 1:1, 1:n, n:n Relationships and how to work well with Fluent API)? If not, would love to request on that idea, Thank you!
Hey there, Thanks for your feedback and suggestion. We actually cover all types of relationships in the. NET Jumpstart course with EF Core and SQL Server. But this is also a great idea for a quick and dirty tutorial. So, stay tuned. đ
@@PatrickGod Thank God for hearing our prayers and thank you Patrick for helping us to learn a fun and much easier with the tutorials and knowledge! âš
Thank you so much for this excellent tutorial, Patrick. I also have a toddler, so, I know what you mean when it comes to struggling to sleep. Go well and stay healthy man. These are crazy times.
Hello Patrick, love your videos! Im completely new to this and would like to learn how to store registered users in a sql database. You dont happen to have any videos that demonstrates the entire process?
It was a great video Patrick, but really very demanding. Still thanks again for the preview, I like your videos! I sent link to your videos to my friends
Hi Patrick, great videos. It is possible to show how to refresh the token and how to implement it on a Blazor Server without using an API? I really appreciate it see how you implement it. Thanks
man i thought it's only me having "refresh trouble" after compiling using visual studio 2022 đ, it's better get rest immediately right after encountering this "refresh trouble"
Hi! thanks for the video, amazing as always, I have a question, why you put "= string.Empty()" in a property? I know that is for changing the default value of a string, wich is null, to an empty string, but why ?
i literally clapping my hands when i finished watching the tutorial. good job! one questions, would you advise to use customized authentication or use UserIdentity?
Hi Patrick, Thank you for this tutorials very useful., My concern now is how to Post to the database if you register and to Get the user from the database? Thank you in advance...
hey Mate! thanks very much for this video guide. It wuold be very interesting to use this on blazor web app and see how you manage all the requests. Cheers!
Very helpful video. I have a queation. During the ligin method testing. after you giving string as user name it says " CRAZY TOKEN" so where is it validating the user name i mean there i no database right?
Hey Patrick, Thanks for awesome video . do you have any video about how to save the user in Db and not on a static like now ? (User user = new User right now) ...
Thanks for your feedback. You're right, async is not necessary here. I'm just used to it, since I would usually utilize EF Core here to change or read the data from the database, and that's usually done asynchronously.
29:25 lol I think the issue is dotnet. I'm using VSCode and randomly get errors about ambiguous endpoints where I need to restart the app. Anyway great tutorials especially for a beginner to dotnet like me. You've earned a sub đ€đœ
Hi, great tutorial, thakns. Is ther a way to use this technic with a web application? Fo now I use cookies, it works fine, but I will have to manage SSO possibly with cross domain, and cookies does't travels from one domain to another, so I search how to use jwt cookieless on a webb app, not API.
Hi Patrick! I like your jwt creation video tutorial! But how do we configure the Web Api project appropriately to protect our endpoints in order to prevent unauthenticated/unauthorized users from accessing them? Thank you!
Hey Cristiano! Thanks for your feedback. I will (probably) do exactly that with role-based authorization in one of the next videos. We would have to configure our authentication/authorization middleware and then run some test calls. Stay tuned! :) Take care, Patrick
@@PatrickGod Thanks, will have a look, just finishing this one. Really nice and clear. By the way regarding your comment @29:40 that you have to stop visual studio, I think it's one of the features that allows you do some changes in vs2022 and debug without restarting. But I guess your changes were quite critical and that's why you got this strange error :)
Thank You Patrick! If I want an web app to authenticate against this API, where should I store the Token, in a cookie, in session? What's your sugestion? So the API login method should take care of this? Thanks again.
ⶠ[Part 2/4] .NET 6 Web API đ Role-Based Authorization with JSON Web Tokens (JWT): czcams.com/video/TDY_DtTEkes/video.html
ⶠ[Part 3/4] .NET 6 Web API đ Read JWT Authorization Claims of a User (from a JSON Web Token): czcams.com/video/fhWIkbF18lM/video.html
ⶠ[Part 4/4] Refresh Tokens with a .NET 6 Web API đ: czcams.com/video/HGIdAn2h8BA/video.html
It is easy to miss because Patrick goes by it so quick @23:00
Visual Studio tries to get you to do System.IdentityModel.Tokens but you need Microsoft.IdentityModel.Tokens as he says but its so quick blink and you miss it and might get stuck. Just thought I would leave this comment for anyone else who is confused why their code isn't working. Thanks Patrick for such a great tutorial!
Bit pedantic but in a production system I would not return "Bad Username" and "Bad Password" as a bad actor can use that information for their gain. Great tutorial as always đ
I agree, keep them guessing
You are absolutely right, Andrew! Thanks for sharing. đ
I stucked with JWT for one month but thanks to you I solved it finally. THANK YOU SO MUCH
Great to hear! Thanks for your feedback!
same here
đ Get 20% off the .NET Web Academy: www.dotnetwebacademy.com/bundles/net-web-academy?coupon=dnwa2024yt
Thank you for not speaking as slow as humanly possible. I always have to put programming tutorials on 2x speed, but this was perfect.
IM so glad someone is making JWT with .NET 6. Other people make videos with .NET 2 in 2022 which doesn't make any sense.
Glad I could help! Thanks for your feedback!
Nice tutorial
In order for jwt token to be practical, you will need to provide a refresh token. Otherwise you will have to login every time you refresh a page.
Hi, may I ask the logic of a logout API in respect of JWT authentication and authorization. It seems like ur quite knowledgeable in this topic!
I have been putting off working on my term paper for about a month because I could not even understand the topic, but thanks to you everything became clear. Thanks dude and greetings from Ukraine :3
Glad I could help! đThanks a lot for your feedback!
I don't have any requests but just wanted to pass along another thank you as your videos are very instructive, concise and helpful.
Thank you so much!! Means a lot. đ
I noticed when I create a new Blazor WebAssembly app with "Individual Accounts", the AspNetUser entity doesn't have a "Password Salt" field. I know it used to, I'm just wondering why it no longer does?
I saw this twice. the way you have explained, its very very easy and understandable.
Thank you so much.
This video is pretty old, but still very helpful. Thank you sir!
This guy's a gamer. Tries to type "user" but left hand goes to wasd and types "uawe" instead.
đ
Hello from Argentina Patrick!! Only i want you to know that you are a very good teacher, with very clearly explanations. I wish you a lot of success!
Thank you so much! Means a lot to me! đ
its perfect to watch the video.The video timeline can see your implementation funtion.
It's art to able to share knowledge as easy as you doing.
Thank you so much! đ
Hi Patrick, your tutorials are great. Can you make a tutorial for CustomAuthorization(ApiKey and JWT)? :)
"I would never use the Lord's name in vain. Why would you think that?" đđđđ
Subbed!!!!
Thank you!! đ
Thanks Patrick, you tutorial helped me a lot. Much appreciated.
You're most welcome! Thank YOU so much!! Really appreciate it! đ
hi patrick, if you leave the passwortSalt in the userdto as property, a hacker gets the salt to test from the api at 13:16.
and if you have the user as static in line 16, then it will interact with other logins at the same time.
right?
but i love your tutorial
Wow i was looking for exactly this, and presented by no other than the cozyest guy out there. cheers
This is great. Thank you so much for your kind feedback. đ
Thanks Patrick, just had a couple different questions:
1. Is this how it's really done in production? I've seen a lot of tutorials almost all of which refer to the Identity package and external IdP but if your app (i.e. your DB) is the IdP in and of itself is this how it's done?
2. I can't help but strain my eyes seeing that static User instance in your controller, not sure how this would even work as concurrent users would more than likely mutate the same instance ... how would you go about getting a user in the method body i.e. via transient service or http context?
3. What's a good way to deal with 3rd party integrations? I still want to use this methodology to sign in users to my application but I want them to be able to add other social integrations in app to query remote resources. Would I have a table with FK to user, token, and refresh token allowing me to refresh as needed?
Anyone's answer on this will be appreciated
Hey, Patrick, you made authentication very easy and teach use in very simpler way.
Thanks for amazing tutorial.
Great video, clear, fast and concise. One tip though, since you are using a lot of key strokes when creating the methods, you could save some time when you get to entering the curly braces at the end of the method name, ({}), by simply enter the opening curly brace { and then hit Enter. It will close the curly brace, format them on the next line and put the cursor between the two ready to continue coding. No fiddling with the arrow keys to get back to the correct position. Keep up the good work.
Dude! All these years! Thank you so much, this is amazing! đ
Bro, you just deserve this last name hahahah, thank you so much !
đ Thank you!
Thanks for video tutorial. The best part is that it is short and straight to the point.
Thank you so much! Glad you like it! đ
Love your humor man! keep it going with you easy to learn videos
Thank you so much! Appreciate it.đ
Thank you Patrick! I love the intro and how this community reacts on your last name đđđ
Hello Pattrick, would love to ask if you have a course on yt or udemy solely about EF Core (i.e. regarding 1:1, 1:n, n:n Relationships and how to work well with Fluent API)? If not, would love to request on that idea, Thank you!
Hey there, Thanks for your feedback and suggestion. We actually cover all types of relationships in the. NET Jumpstart course with EF Core and SQL Server. But this is also a great idea for a quick and dirty tutorial. So, stay tuned. đ
@@PatrickGod Thank God for hearing our prayers and thank you Patrick for helping us to learn a fun and much easier with the tutorials and knowledge! âš
@@donmikkodanm.olmillo8154 Glad I can help. đ
Finally, the last name, been so afraid to say it. Very helpful tutorial, keep up the good job
đ Glad it helped! Thanks for your feedback!
Thank you so much for this excellent tutorial, Patrick. I also have a toddler, so, I know what you mean when it comes to struggling to sleep. Go well and stay healthy man. These are crazy times.
They are, indeed. Thanks for your feedback. More sleep would be really great. đ
thanks, you save my final exam! with createToken function xD!
Hello Patrick, love your videos! Im completely new to this and would like to learn how to store registered users in a sql database.
You dont happen to have any videos that demonstrates the entire process?
Hey there! We do that in the .NET 6 Jump Start Course. You can check it out here: czcams.com/video/K23uJdMiEpk/video.html
Vielen Dank fĂŒr das Video, es hat sehr viel SpaĂ gemacht es nach zu programmieren đ
Freut mich sehr! Danke fĂŒr dein Feedback - und den Kaffee! đ
Thanks God. This video is really helpful for me.
Glad it was helpful!
Hi Patrick, thanks for the tutorial and my free course .NET Core teacher. Your explanation is very clear and easy to understand đđ
It was a great video Patrick, but really very demanding. Still thanks again for the preview, I like your videos! I sent link to your videos to my friends
Awesome, thank you! đ
Great tutorial! I was exactly looking for that and itâs very well explained :)
Thank you very much for your feedback! đ
Hi Patrick, great videos. It is possible to show how to refresh the token and how to implement it on a Blazor Server without using an API? I really appreciate it see how you implement it. Thanks
Superb! Continue this video with authentication and refresh token. And use it in some tasks. Greate
man i thought it's only me having "refresh trouble" after compiling using visual studio 2022 đ, it's better get rest immediately right after encountering this "refresh trouble"
OlĂĄ, meu nome Ă© Eduardo Henrique, moro no Brasil, foi um prazer enorme participar deste treinamento, gostei muito e quero aproveitar outros vĂdeos, Vindo passear no Brasil, estĂĄ convidado a ficar em minha casa, moro prĂłximo da capital de Minas Gerais, em uma cidade chamada Santa Luzia. Fique com Deus.
"Hello, my name is Eduardo Henrique, I live in Brazil, it was a great pleasure to participate in this training, I really enjoyed it and I want to enjoy other videos, Coming for a walk in Brazil, you are invited to stay at my house, I live close to the capital of Minas Gerais, in a town called Santa Luzia. God be with you."
Hi! thanks for the video, amazing as always, I have a question, why you put "= string.Empty()" in a property? I know that is for changing the default value of a string, wich is null, to an empty string, but why ?
Thanks God! :) Very clear and perfect pace...
Thank you so much! đ
i literally clapping my hands when i finished watching the tutorial. good job! one questions, would you advise to use customized authentication or use UserIdentity?
Initially thank you
Great tutorial, deserves a comment for sure!
Much appreciated!
Awesome video!! Everything was explained in a simple way just what I was looking for, Thank you!
Hi Patrick, Thank you for this tutorials very useful., My concern now is how to Post to the database if you register and to Get the user from the database? Thank you in advance...
Hi Patrick, love your tutorials. Can you do a tutorial on OAuth2 + OpenID Connect authorization server on the .NET core 6 Web API using OpenIddict.
I need the exact same tutorial. Have you found something about that?
Thank God. Thank you God
hey Mate!
thanks very much for this video guide. It wuold be very interesting to use this on blazor web app and see how you manage all the requests.
Cheers!
ein sehr hilfreiches video, vielen dank!
Hi Patrick. Thank you for your videos and courses. They are very professional
Thank you soooo much! Means a lot to me. đ
Thank you for the tutorials. I hope you dont have to deal with to many people who harass Gods.
I love you man. Thanks so much for this tutorial and the pagination one.
Happy to help! Thank you very much for your feedback! đ
Very helpful video. I have a queation. During the ligin method testing. after you giving string as user name it says " CRAZY TOKEN" so where is it validating the user name i mean there i no database right?
Hey Patrick, Thanks for awesome video .
do you have any video about how to save the user in Db and not on a static like now ? (User user = new User right now) ...
I love your videos and I really appreciate that you are giving us opportunity to study and using your free time to record this precious videos
Thank you so much for the video. Very descriptive and helpful. Good Job đđ
You are welcome! Thank you so much for your feedback! đ
Hi Patrick, great course !!! Thx
Thank you for the tutorials
My pleasure!
Great video...really helpful. Thanks man
Thanks for this valuable tutorial, learning alot fro this channel
Just got your course at Udemy.
Thank you for making perfect video. I have a question how about logout. Can you make a video or suggest me some solutions. Thanks
Please keep posting on you tube they are so amazing great job
hey Patrick, can you make a video about the use of Interface?
Your videos are the most helpful ive found, thank you !!!
Dude your videos are so helpfull. I find them very informative and helps me practice on the go.
How would you connect this entire series of jwt authentication and oauth2 with angular on the frontend?
Thank you saved my project , you're the best â€
Glad I could help! Thanks a lot for your feedback! đ
Thank you for this perfect explanation. I'd like to ask a question: why did we use async register/login methods if there won't be an await task?
Thanks for your feedback. You're right, async is not necessary here. I'm just used to it, since I would usually utilize EF Core here to change or read the data from the database, and that's usually done asynchronously.
@@PatrickGod Thank you. Your explanations are very good.
Thanks for it, dude! Iâm need it
Thx u Patrick, nice, amazing tutorial
i love u mr Patrick. Thanks for everything
Great course! Simple and with details!!
Glad you like it! Thanks a lot for your feedback! âș
Thanks for the video, greetings from Brazil.
I like and subscribed. Thank you
Thank you so much!
This is good quality material. Thank you so much.
Thank you very much for your feedback! Glad I could help. đ
29:25 lol I think the issue is dotnet. I'm using VSCode and randomly get errors about ambiguous endpoints where I need to restart the app.
Anyway great tutorials especially for a beginner to dotnet like me. You've earned a sub đ€đœ
Hi, great tutorial, thakns. Is ther a way to use this technic with a web application? Fo now I use cookies, it works fine, but I will have to manage SSO possibly with cross domain, and cookies does't travels from one domain to another, so I search how to use jwt cookieless on a webb app, not API.
What a godly content. Thank you
Thank YOU!
thank you sir.. but how can i implement this JWT token on the client side? have you made a video about it?
This one is for you: czcams.com/video/Yh16E2u2pio/video.htmlsi=GHlDOTnINjLHTnwa
@@PatrickGod thank you again sir.. is it the same for web App empty? Or should i use blazor?
Thank you for the lesson!
Glad it was helpful! Thanks for your feedback!
Another useful videođ I also have a 1yo son and, god (no pun intended), I hear you on the sleeping time
Thank you for your support. The sleep deprivation is the worst.. But it will get better, right? đ đ€
Hi Patrick! I like your jwt creation video tutorial! But how do we configure the Web Api project appropriately to protect our endpoints in order to prevent unauthenticated/unauthorized users from accessing them?
Thank you!
Hey Cristiano! Thanks for your feedback. I will (probably) do exactly that with role-based authorization in one of the next videos. We would have to configure our authentication/authorization middleware and then run some test calls. Stay tuned! :)
Take care,
Patrick
@@PatrickGod Subscribed. Great content, keep it up! Is the mentioned video out?
@@zhaltys Thank you so much! Yes, you can find the video here: czcams.com/video/TDY_DtTEkes/video.html Enjoy!
@@PatrickGod Thanks, will have a look, just finishing this one. Really nice and clear. By the way regarding your comment @29:40 that you have to stop visual studio, I think it's one of the features that allows you do some changes in vs2022 and debug without restarting. But I guess your changes were quite critical and that's why you got this strange error :)
Thank You Patrick! If I want an web app to authenticate against this API, where should I store the Token, in a cookie, in session? What's your sugestion? So the API login method should take care of this? Thanks again.
This was very helpful. Thanks a lot for this video series. đ
Nice Tutorial , its simple and easy to grasps.
Exactly what I was looking for, Thanks
Great tutorial
Thank you! Cheers!
Thank you very much. It was interesting.
Thanks for this, Patrick!
How do you persist the registered user data for later login?
Thank you man! Very Helpful
Glad it helped! Thanks for your feedback! đ
I don't know how to thank you man! Thank you very much...
Wait does the out keyword create variables? In the register method you didn't initialize passwordHash and passwordSalt???
Hello sir, first of all thank you for your video. I have a question. How can i save user information in database ?
Thank you Patrik, with the videos help me my proyect. Good Video