Secure a .NET Core API with Bearer Authentication

I'm going to keep the track on this season, great series of tutorials. Awsome job man, just awsome!

This is really great. I watched about a million videos and blogs and all are talking bits and pieces but couldn’t get a complete picture. This session gave me the whole picture and finally I am able to successfully build a system for my purpose. Great explanations. Really loved !!!!

After searching for many many hours on this topic, with no luck, I came across this video. You explained things clearly and made a lot of sense out of a confusing topic. Many thanks!!

By far, the best tutorial on authentication. Thank you so much for this amazing tutorial.

Love your teaching style, very realistic and practical explanation. Thanks very much for making this video, you have demystified the Bearer Authentication a great deal

Thank you for putting this video together. This was especially relevant to something I am working on now and helped clarify a topic I was finding otherwise confusing when trying to read through the documentation. This video made is simple and straightforward. I've liked and subscribed, thank you again!

Great video! I'm a Sr Software Engineer (and manager) and found a lot of value in your video. Explained everything very well! Thanks for sharing!

Absolutely love the way you've explained all of this. I've been googling, watched other videos, tutorials, but nothing comes even close to what you've done here. Cannot thank you enough!

Thank you for explaining everything so clearly. I’ve been wanting to learn this for a long time. Since I started watching your videos it finally starts to make sense to me.

Les Jackson Sir. You save my lot of time. This is exactly what I have assigned to do. Superb!!!

Les Jacson σε ευχαριστούμε που υπάρχεις και μας δίνεις τόσες χρήσιμες συμβουλές!!

I went through all the steps. Wounderfully explained! Keep up the hard work!

The best video ever. Very well explained. What is missing is additional video in case you have swagger and you need to be able to test the API using AAD.

Awesome video, best teacher I have ever seen. Now I understand that whole bunch of Azure AD authentication via JWT Bearer Token in only 60 minutes. Thumbs up :-)

Wow! How easily you have explained this complicated topic. Thanks for sharing this video.

The Key things in your Videos are Very well explained, Practical usage and content oriented. Thank you so much for sharing your knowledge.

This is honestly the best .NET Core channel out there.

I found a lot of value in this video and the way it is explained is very impressive! Great video. Loved it

Ok, Les, you got me! I spent 2 days on your 3 hr. API video and transferred all that knowledge to my big project, works Great! Now adding the tokens. Lots of little bumps that force a good developer to understand their environments, like sometimes VS Code just gets lost and you have to restart it, all good. I love your stuff is CURRENT! 2017 is ancient times in technology;-) Enjoy the wine, wish I could deliver it personally and share a bottle to thank you. I think that would be a riot! Keep going and good luck! Oh yes, you should get yourself a green screen;-)

That is a great video tutorial. Thanks for explaining everything in a detailed manner. Looking forward to seeing more videos from you.

First time seeing your videos... subscribed to your channel in the middle of watching the video. Great content and great delivery! I'll look through to see some of your other titles and look forward to what you do in the future. Thanks for the great work.

Thank you so much. I have taken up learning about securing an Api and this video was a great beginning.

46:50 - music got me off the edge of my seat. The suspension was intense. Good video btw Les

Fantastic video - it's nice to follow a video through to the end and everything works! - I added the token to Postman and received a status 200 OK - looking forward to S3 E2 - thanks!

Thank you so much ... i loved it .. tried the same with Azure CLI since I wasn't having an access to Azure AD ... had a hard time with command line but now i can relate this stuff and search for precise Azure CLI commands ... Thanks again..

Thank you Les for your time. I was getting crazy until I saw your video with the resourceId "/.default" . I missed this part. Thank you.

Hi Les,
thank you for your time and for sharing with us this video 🤞

Super informational video. Followed it along in VSCode and although I had some issues in Azure (Granting API access was greyed out), it all worked and I can say I learned something very useful! Thanks for sharing!

Great video Les....I have been following your videos and found them extremly crisp and to the point without rushing in....It would be great if you did video on a production quality code for a small microservice app which would include Authentication / Authorization, Unit Testing etc. I know it might be a long video, but still it might be of great help...Thanks for your effort mate...

Thank you so much man, you just tabledout a lot for most of us. Awesome video

Thank you Les. This is really very helpful video and you explained every step very well . I was very much confused regarding this azure active directory steps . Now understand very well. I would love to watch your more videos.Thank you again.

Hi Les,
Just wanted to say thank you for making this video. This what i need to figure it out the Authentication flow on Azure Ad.

It's a very excellent video to explain such complicated topic and used the easiest way to demo how to achieve most of requests as we have to make sure them running in demon mode! thanks!

Pretty neat explanation in layman terms and been searching for this kind of video...thank you so much.

[EDIT] - I forgot to say thank you for the video, extremely useful indeed!
17:25 Regarding your advice not to use appsettings.json for production use. I can appreciate that there is a need to be careful with this during development: the application is on your local machine along with the appsettings.json file which reveals security critical information. And you certainly wouldn't want to commit that to git or any other version control.
But once you've deployed to your production environment I feel like it's pretty safe to use appsettings.json. This is because the file is then on the server (be it Azure or somewhere else). Nobody else has access to it. And, if they do, it means they already have control of your server and therefore the security has already been compromised.
So on local machine: be careful with appsettings.json as it contains secure information.
On production (deployed to server): appsettings.json is OK.
Do you disagree?

Wow this is awesome.. it'd be really helpful if you could make a series on this topic with other types of clients too. Loved it Les. Thank you so much

Thanks for putting this together! It really helped clarify a lot of things for me.

Very Satisfying video! content cleared laid out! I enjoyed and learned thoroughly! Best tutorial better than Udemy and Plural sight content! Thank you, Subscribed!!

Watch out on minute 31. Azure added an extra field when creating a client secret. Make sure you copie the value and not the ID!!
Super video thank you so much.

It's October 2022 but for me it's still the best free material about a practical approach to learn authentication in .NET on the internet.
Great job. Congratulations and thank you!

Thank you, Les, I would like to express my gratitude for your excellent video, and god bless you.

I immediately hit subscribe just by looking at the shelf in the background :) my kinda guy. Pluss, ofcourse, the content seems spot on for me (after 5 minutes in)

Excellent tutorial. Thanks a lot for demonstrating the practical approach.

Like your videos and style a lot! Will for sure buy your book in the near future! Thanks for the awesome material!

Awesome step by step tutorial for authenticating .Net core API.

So beautifully explained and coded. Thank You for making such stuff

You are a complete champion my friend, thanks!

Fantastic!!
This was a great tutorial coupled with lucid explanation.

Thank you so much for sharing your knowledge on this channel.
You made me a wise man :-)

Another great video from Les. I enjoy his teaching style and clear explanations. But I had to ditch this approach for securing the API I'm building because I cannot see how to set up user roles with this approach. I'm probably missing something simple, but it's throwing me for a loop. I would love to see a video showing how to set up user login and adding user role claims to the JWT token in Azure.

Watching your video like some rocking movies....Great mate!

Greatest .net core tutorial out there!

Thank you so much Les!!. Excellent!1 Real world problem and you covered it perfect. Easy to understand.

Superb Video Les!! Thank you soo much for explaining in detail.

Thank you so much for this tutorial, very well explained it helped me a lot.

I really enjoyed the video! Great job and VERY helpful.

Thank for nicely explaining the concept step by step, It was crystal clear :-).

Great channel! Thank you Les! Keep up the good work

Wonderful video, very nicely explained, This was really helpful to me. Thank you.

Great Video. Thanks for creating such a wonder video which is easily understandable.

well explained, even if im not azur developer, the concepts are well explained. keep going with the good work

Thanks Les, great video as always :)

Excellent and well explained one of the complicated topic, great work!!

Thank you very much for the amount of information that you made easy for us and that saved a lot of time, but frankly I was looking forward to seeing an illustrative example of a safe verification method for user authorization as full stack example :). We all very grateful for your efforts.
Best Regards

I am at 5:28, and I had no any info earlier, how this works, just what you show on your diagram, and scenario. Just for fun, from your diagram, I guess, the way it works is, that the JSON token is signed by one of Azure's private keys and the dot net core tool kit has the Azure's public key(s). This is how I'd implement this. I am looking for the end of the story, if I was right. Your videos are tremendously entertaining.

Jack, it was nice explanation,and cool to understand , thanks for the video.

Great Video. It saves me. I see a lot of implementation but they are quite complicated and not complete.

I like your other videos that have broken the parts of your video, it's easy to follow because I will know what topic you're talking to that point. It's hard to watch the video for more than 15 minutes.

I just finish :-)!! thank you a lot for all the tips, I really enjoy and learn with your way of teaching

Fantastic! As always.

Man that was cool - I just happened to be working on exactly these implementations, great clarity, fun music.

Les thanks for the video. It was helpful.

Great job you just got a new sub
Covered a good amount in a video while making it simple

Nice job, thanks for sharing your knowledge! From now on "Les is more for sure".

Great video again Les.

Great job! very well explained, bit by bit..

great tutorial! man, thanks so much!

fantastic sir,huge fan of you

Very well done, sir! Thank you!

Thanks Les for amazing video !!!!!!!!

Thank you so much for the crystal clear explanation. I was able to follow without any problem. Thanks once again for the great videos. Could you please do some videos on Microsoft Azure Services for Developers.

This video is amazing. It really helped me a alot - thanks a bunch :)

Congratulations with the great vídeo!

This is fantastic. Cheers mate!

Loved this video! Good explanation, my teachers could learn a lot from u!
I did get an error at the end: "The remote certificate is invalid according to the validation procedure".
But I got it working by adding this code right above making the httpClient:
HttpClientHandler clientHandler = new HttpClientHandler();
clientHandler.ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => { return true; };
The HttpClient then uses another constructer like this:
var httpClient = new HttpClient(clientHandler);
Thanks a lot! Subbed immediately ;)

Great tutorial, thanks!

Great video! Thanks man.

Thank you for nice explanation , it helped a lot...

Thank you so much. You saved me.

Greate video, thanks a lot, you have really good teaching skill

Thank you very much for your videos, I'm a student as an IT Dev, and your the best teacher I could ask for.

Thanks for such a great video

Awesome video Les :)

Les(s) is More, actullay ! .. Thanks again for the great video !! :)

The best thank you for the great job that youre doing

This is extremely usefull! thanks!

This is awesome!

Excellent video. Thanks

Wonderful session @Les

Good stuff again from Les