A nice video. I´m a mechanical engineeing and i started learning to program as a hobby. Your videos have always helped me a lot to understand and learn.
It would be really great ,if u can make a video on Microsoft Identity with JWT in Web API.... this video is a good starting point to understand how JWT works ..and another great video!!!!
A very nice tuto to follow in order to understand the basics of authentication. A short-lived AccessToken allows you to disable the RefreshToken so that if the profile is compromised, the user won't be able to generate a new AccessToken. Also, if a user is completely removed from the DB (the employee has left the company), then the RefreshToken should not be usable to generate a new AccessToken. The RefreshToken endpoint should have an Authorize attribute and no parameters, the user's information is to be retrieved in the HttpContext, so RefreshToken should be added as a claim and not returned in the login response.
Great video and explanation! I noticed you didn’t mention the Logout endpoint. Given that JWTs are stateless, what’s your opinion on implementing a logout endpoint using token blacklisting?
Dear Patrick, As much as I like these bite-sized capsules where you emphasize and teach on a specific aspect/functionality or concept, I'd like you to start a series, where you build a real world COMPLETE application starting from scratch(preferably with Angular and .NetCore) bit by bit. For us, your valued subscribers. You probably have and sell course of platforms Udemy Coursera etc. but I request you, give us regular subscribers something to cherish. Hope you understand where I'm coming from.
Why don't you take advantage of LLM's? You're in 2025, it's hightime that you should take help of LLMs as they're highly capable and highly effective to teach u in very easy way. Get the jest of the project from these videos and apply it later with the help of LLMs
como sugerencia, deberias agregar la opcion de traducir el video con voz en español, lo veo en muchos otros canales de idiomas diferente y es muy util, pero ahora tendre que usar una extension de doblaje, igual gracias por el contenido
I'd like to see this too, with roles being a separate class akin to how MS's Blazor WebApp implements authentication rather than just a string property on the User class
I wonder, isn't it better to use Microsoft Identity as it does all heavy lifting for us and provide endpoints like /login, /register etc out of the box. Your thoughts @Patrick
@@ProtikPC_pro_indigoIts neither Azure AD nor B2C Auth Servies. I am talking about Microsoft.AspNetCore.Identity.EntityFrameworkCore package. If we use this package we only need to configure it in program.cs file as below; builder.Services.AddIdentityApiEndpoints() .AddEntityFrameworkStores(); It does all the heavy lifting for us and provide endpoints linke login, register, forgotPassword, confirmEmail etc. I am new to AspNet world and really like it as I do not have to do more then just configuring it.
@@ProtikPC_pro_indigo No I mean installing following nuget package Microsoft.AspNetCore.Identity.EntityFrameworkCore and adding below configrations to program.cs file gives all the endpoints like login, register, forgotPassword etc out off the box. builder.Services.AddIdentityApiEndpoints() .AddEntityFrameworkStores();
Hello, I am using Dotnet Identity but I think it does not have JWT feature, so I only add tables and managers. I continue with JWT myself. I started to question the benefits of this, would I be more comfortable with my own User like yours? What do you think?
I have a question about JWT. What happens if the refresh token and the access token are exposed to an attacker. In that case, does the hacker have the possibility to steal the user account unless the user login again right?
This is only the server part (WebApi) ?! How do I use that to login to my Blazor WASM standalone app for example, And once logged in make additional REST calls to some secured endpoints of the Web API by adding those token in the HTTP request header my Blazor WASM app will send to the Web API ? Some endpoints will be secured other not, so if no user is logged in, no token will be in the HTTP header.
A nice video. I´m a mechanical engineeing and i started learning to program as a hobby. Your videos have always helped me a lot to understand and learn.
Cool, thank you so much for your feedback!
Best video on this subject I have found anywhere. Well done, sir.
Thank you very much. Appreciate it. 😊
needed it immediately and exactly ran into the video at very appropriate time. thx patrick
One question, can we use this in production. The same strategy? Or is there something more to it?
Very nice video! I liked the step by step building, from simple to more complex.
Great video. I hope you will consider making a video about Clean Architecture with Blazor in .NET 9 with us. Thank you for your work.
Noted😊
Yes . I needed to this tutorial so .Dear Patrick , We are waiting for it 🙏
@@PatrickGodyes please
Very impressive demonstration. Thanks Patrick.
Such a great video. It`s easy to follow and understand what is going on. Thanks Patrick.
It would be really great ,if u can make a video on Microsoft Identity with JWT in Web API.... this video is a good starting point to understand how JWT works ..and another great video!!!!
Thank you for well organized and clear tutorial ,God bless u
I’m a recent subscriber, and I really appreciate your videos!
Awesome! Thank you! 🙏
I really like your videos, new sub from Perú
Thank you so much! And welcome! 😊
A very nice tuto to follow in order to understand the basics of authentication.
A short-lived AccessToken allows you to disable the RefreshToken so that if the profile is compromised, the user won't be able to generate a new AccessToken. Also, if a user is completely removed from the DB (the employee has left the company), then the RefreshToken should not be usable to generate a new AccessToken.
The RefreshToken endpoint should have an Authorize attribute and no parameters, the user's information is to be retrieved in the HttpContext, so RefreshToken should be added as a claim and not returned in the login response.
Thank you for this very clear and concise video. Using Microsoft Identity for the user would be the only improvement I can point out.
Great Video man. I really like how you explain this stuffs man.
Great video, really enjoyed the walk through. I'll try to implement this flow on my next project.
❤❤❤❤❤❤
How do you make the visual studio go so smoothly?
What PC configuration do you have?
Thanks you my senior...
Thank you very much! Ciao from Italy
Thank you
Thanks a lot patrick
Awesome video love this! Thank you
Great video and explanation! I noticed you didn’t mention the Logout endpoint. Given that JWTs are stateless, what’s your opinion on implementing a logout endpoint using token blacklisting?
Dear Patrick,
As much as I like these bite-sized capsules where you emphasize and teach on a specific aspect/functionality or concept, I'd like you to start a series, where you build a real world COMPLETE application starting from scratch(preferably with Angular and .NetCore) bit by bit. For us, your valued subscribers.
You probably have and sell course of platforms Udemy Coursera etc. but
I request you, give us regular subscribers something to cherish.
Hope you understand where I'm coming from.
Why don't you take advantage of LLM's? You're in 2025, it's hightime that you should take help of LLMs as they're highly capable and highly effective to teach u in very easy way.
Get the jest of the project from these videos and apply it later with the help of LLMs
@heathens2867 LLM ?
@@ProtikPC_pro_indigo Large Language Model like ChatGPT.
@@ProtikPC_pro_indigo Fancy developer expression for AI.
@@SanityIT AI is an umbrella term and not specific to just LLMs. ANYWAY, I get the jest :p
Thank you!
Can you please make video about how to implement or adjust this authentication/authorisation in case if we have MVC application, not just Web API
Thank you for a great video. Would i be possible to create a video where you extend this with multitenancy?
very helpful video!
como sugerencia, deberias agregar la opcion de traducir el video con voz en español, lo veo en muchos otros canales de idiomas diferente y es muy util, pero ahora tendre que usar una extension de doblaje, igual gracias por el contenido
amazing
Thanks a lot.The best chanel.
Please,make real project with angular and .net core microservice.
Any plans on making a video on how to use this in a blazor page?
Thank you again for the well explain tutorial.
Can you make a video of how to use this Authentication with Blazor Server Web Application?
Very helpful, please apply this to Blazor WASM - Clean Architecture with an API/API controller.
Good morning, is there a compliment video to this one that shows how to use a Blazor WASM app to login?
I'd like to see this too, with roles being a separate class akin to how MS's Blazor WebApp implements authentication rather than just a string property on the User class
I wonder, isn't it better to use Microsoft Identity as it does all heavy lifting for us and provide endpoints like /login, /register etc out of the box. Your thoughts @Patrick
I wanted to ask the same question.
@@sohailshamsramay you mean like Azure AD B2C Auth Services ?
@@ProtikPC_pro_indigoIts neither Azure AD nor B2C Auth Servies. I am talking about Microsoft.AspNetCore.Identity.EntityFrameworkCore package. If we use this package we only need to configure it in program.cs file as below;
builder.Services.AddIdentityApiEndpoints()
.AddEntityFrameworkStores();
It does all the heavy lifting for us and provide endpoints linke login, register, forgotPassword, confirmEmail etc. I am new to AspNet world and really like it as I do not have to do more then just configuring it.
@@ProtikPC_pro_indigo No I mean installing following nuget package Microsoft.AspNetCore.Identity.EntityFrameworkCore and adding below configrations to program.cs file gives all the endpoints like login, register, forgotPassword etc out off the box.
builder.Services.AddIdentityApiEndpoints()
.AddEntityFrameworkStores();
Good
Hello, I am using Dotnet Identity but I think it does not have JWT feature, so I only add tables and managers. I continue with JWT myself. I started to question the benefits of this, would I be more comfortable with my own User like yours? What do you think?
I have a question about JWT. What happens if the refresh token and the access token are exposed to an attacker. In that case, does the hacker have the possibility to steal the user account unless the user login again right?
This is only the server part (WebApi) ?! How do I use that to login to my Blazor WASM standalone app for example, And once logged in make additional REST calls to some secured endpoints of the Web API by adding those token in the HTTP request header my Blazor WASM app will send to the Web API ? Some endpoints will be secured other not, so if no user is logged in, no token will be in the HTTP header.
Can i use those tokens in my Blazor WASM standalone app to allow the logged in user to access or not some pages based on its roles ?
Do I understand correctly that you always connect to the database with only one user and do not use the auth creds to connect to the db?
❤
I click like button before I watch this course 🫶🩷🩷
Thank you !