ASP.NET Core JWT Authentication and role-based authorization
Vložit
- čas přidán 30. 01. 2023
- 💻Get the source code: go.dotnetacademy.io/howtoprot...
A solid REST API should make sure that its resources are protected so that only authorized users and clients can get access to them. And thanks to the latest innovations in ASP.NET Core, protecting your Web API could not be easier.
Here I'll show you how to protect your ASP.NET Core Web API in just a few steps.
Topics covered:
00:28 Understanding Token-Based Authentication
01:56 Creating a simple minimal API
08:13 Using JWT authentication and requiring authorization
13:02 Generating tokens with dotnet user-jwts
14:50 Understanding Json Web Tokens (JWT)
21:42 Implementing role based authorization
24:43 Extracting user information via ClaimsPrincipal
33:03 Evaluating user claims
🔥Become a Senior C# Backend Engineer: juliocasal.com/courses
🗺️Get My Free .NET Backend Developer Roadmap: juliocasal.com/roadmap
Join me on Patreon: / juliocasal
Follow me on LinkedIn: / juliocasal
Follow me on X: x.com/julioc
#dotnet #aspnetcore #aspnet
Great tutorial, learned a new way to test the API without switching to postman, swagger or using curl. 🙂
Great to hear!
This is the amazing explanation regarding Api authentication and authorisation process along with real action demonstration.
I really appreciate your efforts to make this concept easy to understand and digest. ❤️
Glad it was helpful, Vinay!
Great tutorial, I appreciate simplicity and you deliver quality content without any cumbersome code
Glad you like it!
Love ur explanation Julio, thanks for sharing
My pleasure!
You are simply Awesome Julio! Thank you for your efforts....
My pleasure!
Thanks, very much helpful 👌
Glad it helped!
Thank you
This was very well done and great content. I would like to call out that, it is best practice to use a Reference Token for communicating from the UI to an API, in place of a jwt token. Jwt tokens are still a valid choice to use between services.
Great tip Eldon!
Great content
Glad you think so!
What is the difference between Claim and Signature? what does each one reference?
Claims are the pieces of information being asserted about a subject (the user, typically). The signature is used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.
Hi, I Have a question. If we do not want to call RequireAuthorization on a endpoint (I just want the user to be authenticated for a specific endpoint and no other things needed like role etc.), it's not even validating the token. I mean, if token is not there it still returns result. What is happening here, could you please explain.
Without the RequireAuthorization call you basically have an anonymous endpoint. Call RequireAuthorization with no parameters instead.
How would I generate token for the users of my API with this package?
Geraldson, generating tokens for real users involves introducing an identity provider, either built by yourself or already built for you. I cover that in my .NET microservices program, here: dotnetmicroservices.com/building-microservices-with-dotnet
Thank you for this great tutorial
How I can generate a code and make register page and login
dotnet new blazor -au Individual
@@juliocasal I wanna make a webapi and for front-end I wanna use reactjs
how I can make this mix