If everyone had the kind heart and the passion that Patrick has for teaching and .NET, the world surely would be a better place. Thanks as always, man!
Hey João, thank you so much for your kind words! I'm really touched to hear that you appreciate the passion and effort I put into my tutorials. My ultimate goal is to make learning .NET and Blazor as accessible and enjoyable as possible. Knowing that I've made a positive impact on your learning journey means the world to me. Stay tuned for more content, and if you ever have any questions or topics you'd like me to cover, feel free to reach out. Happy coding! 🚀💻
Great video! Would be great if you could add the following as well: 1. Authorization roles, policies, etc 2. Extending the existing feature set provided, like login/register/2fa and adding some own logic as well 3. Creating and using our own UserEntity class instead of IdentityUser. 4. Integrating it with Blazor 8 using the best practices Thanks!
Yes that that would be grat. Also how to use Authentication and Authorization in a seperate service (API) and connect it to the front end and also other services (APIs).
Hey Jeffrey, thank you so much for the kind words! I'm humbled to hear that you consider me a cornerstone in the .NET community. My mission has always been to help others learn and grow in the field, and knowing that I've made a positive impact is incredibly rewarding. If you have any topics you're curious about or suggestions for future tutorials, please don't hesitate to share. Your feedback is invaluable. Thanks again for your support, and happy coding! 🚀💻
so if I have application with auth + CRUD for blog posts, I will have 2 data classes? 1, inheriting from IdentityDbContext, then the other is just DbContext?
This is brilliant! It covers so many types of authentication in such a short video & it's easy to follow along with. Granted that it doesn't quite go in-depth with how the authentication types work properly but it shows how to implement it all, step by step, without any issues! Thanks for sharing this & keep doing what you do. You're helping so many developers/engineers, myself included 😁
so my project runs on Identity 2.2.0 (deprecated) I migrated my project from .NET 6 to .NET 8 but still my code runs on the deprecated package. it feels scary to update it! I planning to add refresh token with my existing JWT how should I go about it ?
Thank you for this instructive video. It's really nice how it's so simple now. I would really love a followup video explaining logging with google/MS/Apple or the two way authentification.
😂 if you open . Csproj file, you can see PackageReference tags, i just copy and paste from one project to another, as soon as you copy and save the proj file, it automatically install all the nuget packages.
Has anyone actually tried to mirror the code? Got stuck at 4:41 as my VS IDE (.NET8) does not give me the same options (install packages for IdentityDbContext - those "using" instructions are not necessary, anyways if IdentityDbContext class is created in a separate file) as in the video. generates a lot of errors . Terrible. Total waste of time.
A question, i have implemented it in my API project, but (i'm using controllesr too) i can't find the controller relative to the auth functions, or i have to create a service that inherits from the identity one ?
would there be a way to move those authentication endpoints into a controller? also is it possible to run middleware such as body decryption or header validation on this?
I am getting this error no matter what I do: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) // why?
Hi, @PatrickGod First, great video! Thanks for that. You told that token isn't a JWT. For professional applications, the mode showed in the video is safe? PS: Sorry for the english. I'm from Brazil, and I'm trying to write without Google Translator to learn.
so my project runs on Identity 2.2.0 (deprecated) I migrated my project from .NET 6 to .NET 8 but still my code runs on the deprecated package. it feels scary to update it! I planning to add refresh token with my existing JWT how should I go about it ?
Thats nice, but how about when you need to use it in a real world situation with old user database and information? i need to make custom sql query requests to fetch a custom user object that i then need to access from my controllers? i can't just use identity database because my user database is used systems coded 15 years ago
Hi, Thanks for the video. After authorizing , am not getting lock symbol in weatherforcost method. and still shows lock open and shows 401. But Authorized when i send Bearer and Token.Could you please help me to fix this. Thank you
I made the settings for Swagger like as you did, but it doesn't send the authorization header. And it only works with Postman. And I would like to ask you a tutorial about role-based authentication.
Hi Patrick, is it possible to invalidate bearer tokens created with this method? I am trying to create a logout endpoint for my app but I can't find a way to do this.
thank you for this wonderful tutorial. I am however having issues replicating it fully. Everything works except authorization. I login and receive token. I use the token to authorize the swagger. But when I try to execute the weatherforcast endpoint, I receive the 401 response "Unauthorized" response. I have tried replicating your tutorial twice with different new projects and the result is the same. Please advise. Thanks
Hi Patrick, thanks so much for the video. I just have a quick question, with these new security controllers, is there a way for us to be able to override the default logic? E.g. if I wanted a bespoke /register controller
Would you consider doing a video on implementing custom OAuth identity providers in Blazor WASM Hosted, similar to your Google OAuth video, but for non-standard OAuth providers, such as Discord, Battlenet, Github, etc.
Hello Patrick, I'm a huge fan of your videos. I've bought a course on udemy too. In this case the video is nice and helpful too. But it would be good to let people know that using duende identity api's can be a license thema. So if you develop an open source application you've to inform everyone that if you use that application in a commercial context, depending on the size of your comopany you've to pay license fees to duende! I would be very thankful, If you can make a video about Authentication and Authorization without Duendes Identity API's in .NET8. Wish you all the best and thanks for your videos!
Hi Patrick! I can't figure out how to change the time the token expires from 3600 to something like 30 days. I tried even to ask Copilot but it gives me wrong source code to change it. I even told it that I am using .NET 8. If you could give me a hint how to do it in .NET 8 it be great.
Hi Patrick! This is pretty new to me as I am used to making my own code that does those functions. How do you configure the Register controller? For example lets say I want to also execute some other code when registration happens, or change the password requirements. How can I do that?
Great video. Any pointers how to actually send an email when new user Registers new account? I am unable to view Register action and its unclear how to inject email action compared to a Web App. Thank you
That was amazing although faced few issues like separate DAL and lib version 7.0.11 . But I am able to achieve this with dotnet 8 and Postgress db Thanks
Need some guidance. If I want to use Identity in this way but instead of a password, use a one-time code instead, how could I achieve this, would appreciate any tips.
Hi great tutorial, I followed all the steps but after launching the API I didn't get endpoint like register , login etc. I only have default weatherforcast. Is there anything else I have to do to get other authentication end points. Thanks
Great video, thanks Patrick. There seems to be one missing piece of the puzzle though. This is great from Swagger, but - when you need to send the cookie (as Bearer), then how is it possible to grab the aspnet cookie - from Wasm especially - to be able to pass it? I can't find anyway from Wasm to be able to grab the cookie (apart from AFTER rendered, via JsInterop which is too late - unless i'm missing something)
It's a handy tutorial. Could you tell me how I can custom API, such as I don't want to allow normal users to access the register API, only the admin or manager can access it?
Hey Patrick thank you so much for great explanation of Authentication Flow with Identity in .NET 8 Web Api !! 👌Can you please explain or make a tutorial with MongoDb version of this one and/or the key points of implementation of MongoDb?
dear Patrick . Tank you for your great videos . I have one problem : How can i register and login user in blazor app server .net8 with api ? i want authorized API when user login to website . so i want create role for user that for example just admin access to [httppost] in controller.internal api or external api not defferent . Tank you very much
Great video Patrick. However, I must ask what was the improvement that has been made compared to previous version of dotnet? It'd have been nice if you quickly showed the previous way of doing Auth in dotnet. Great video bdw.
I've learned more in a couple minutes than I did in a full semester. Now, what if I want to generate api key in case I want to give other people access to some data without the need of an account?
May, the fourth.. anybody? 🌌
sir please make a video for External Authentication with Yahoo in Asp net core
I got it, may the fourth be with you
@@joaomarcelofurtadoromero8277 This is the way. ❤️
If everyone had the kind heart and the passion that Patrick has for teaching and .NET, the world surely would be a better place. Thanks as always, man!
Hey João, thank you so much for your kind words! I'm really touched to hear that you appreciate the passion and effort I put into my tutorials. My ultimate goal is to make learning .NET and Blazor as accessible and enjoyable as possible. Knowing that I've made a positive impact on your learning journey means the world to me. Stay tuned for more content, and if you ever have any questions or topics you'd like me to cover, feel free to reach out. Happy coding! 🚀💻
My plumber: "While I'm fixing this garbage disposal, let me tell you about using a distributed cache."
This is the absolute first anything I have ever subscribed to on TH-cam. This is perfect.
Thank you so much!! Really appreciate it! 😄
Great video! Would be great if you could add the following as well:
1. Authorization roles, policies, etc
2. Extending the existing feature set provided, like login/register/2fa and adding some own logic as well
3. Creating and using our own UserEntity class instead of IdentityUser.
4. Integrating it with Blazor 8 using the best practices
Thanks!
Yes. It would be great to see the same token/cookie working with other API's and a Blazor client (kind of a SSO).
Yes that that would be grat. Also how to use Authentication and Authorization in a seperate service (API) and connect it to the front end and also other services (APIs).
Halo, do you find a way using roles with this method, and is it possible at all???
Hey Patrick. Thank you for everything you do and for being a cornerstone in the .NET community.
Hey Jeffrey, thank you so much for the kind words! I'm humbled to hear that you consider me a cornerstone in the .NET community. My mission has always been to help others learn and grow in the field, and knowing that I've made a positive impact is incredibly rewarding. If you have any topics you're curious about or suggestions for future tutorials, please don't hesitate to share. Your feedback is invaluable. Thanks again for your support, and happy coding! 🚀💻
Tried implementing this from an article I saw a while back and it didn't work, glad this came out!
Amazing, Microsoft did a great job with this feature in .Net 8, thanks Patrick for this introduction!!!
Glad it was helpful!
You are so chilled man
Brilliant videos
i searched alot , but you were just so perfect on this tutorial and i learned alot , you deserve like and sub , thx man
Thank you so much! Appreciate it. 😊
Thanks, man! Very much appreciate your work!
When took some NZT pills and decided to become a developer :) Thanks a lot, Patrick!
I was waiting for this video!
Is there a way to use the new Identity Endpoints without EF? Eg. if I'm already using Dapper for db communication?
Are there any examples of this that don't use EF? Some objects templates with something like Dapper?
so if I have application with auth + CRUD for blog posts, I will have 2 data classes? 1, inheriting from IdentityDbContext, then the other is just DbContext?
This is brilliant!
It covers so many types of authentication in such a short video & it's easy to follow along with.
Granted that it doesn't quite go in-depth with how the authentication types work properly but it shows how to implement it all, step by step, without any issues!
Thanks for sharing this & keep doing what you do. You're helping so many developers/engineers, myself included 😁
so my project runs on Identity 2.2.0 (deprecated)
I migrated my project from .NET 6 to .NET 8
but still my code runs on the deprecated package.
it feels scary to update it!
I planning to add refresh token with my existing JWT
how should I go about it ?
But how does the auth work across separate microservices? That would be good to know.
Thank you for this instructive video. It's really nice how it's so simple now. I would really love a followup video explaining logging with google/MS/Apple or the two way authentification.
This tutorial saved my life. Thank you.
Can you please elaborate refresh token concept also. Once access token expires, how to implement refresh token thing?
Sooooooo Much Love from Pakistan
you are really great teacher for me!😀😊
I wasted half a day because I added the wrong library. Be careful when adding libraries!!!
😂 if you open . Csproj file, you can see PackageReference tags, i just copy and paste from one project to another, as soon as you copy and save the proj file, it automatically install all the nuget packages.
You are the best...... Straight to point as always........ Love you man..... YOU are the BEST 😇
It’s great, what You are showing here. Could You prepare tutorial how to use new authorisation in Blazor WebAssembly, please?
Thank you man, really appreciate your work!
If i need add custom identity data like AplicationUser i need yo use a custom endpoint? Or there’s a way to do it on the built in endpoint!?
Has anyone actually tried to mirror the code? Got stuck at 4:41 as my VS IDE (.NET8) does not give me the same options (install packages for IdentityDbContext - those "using" instructions are not necessary, anyways if IdentityDbContext class is created in a separate file) as in the video. generates a lot of errors . Terrible. Total waste of time.
I am watching your tutorial when our baby also sleep:)
Hi, will this work in blazor 8, be great to see more info on how to implement auth in blazor web app. compared to blazor server and wasm. :)
A question, i have implemented it in my API project, but (i'm using controllesr too) i can't find the controller relative to the auth functions, or i have to create a service that inherits from the identity one ?
Same question!
would there be a way to move those authentication endpoints into a controller?
also is it possible to run middleware such as body decryption or header validation on this?
hi when i execute dotnet ef migrations add Inital, it remove all my dependencies or ef core, identity, design...what happens?
Timely. Thanks!
You're welcome!
I am getting this error no matter what I do: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) // why?
Hi, @PatrickGod
First, great video! Thanks for that.
You told that token isn't a JWT. For professional applications, the mode showed in the video is safe?
PS: Sorry for the english. I'm from Brazil, and I'm trying to write without Google Translator to learn.
Same question
Question, the section on cookies. Is the cookie stored on the server after valid email/password??? I don't see it in the response
Hi Patrick, Can we add relation between other table and identity user table?
can we configure it to use phone and otp for login instead of email/password?
Did I miss something where we are setting IssuerSigningKey?
Is it possible to disable some of those "out of the box" controllers? 2fa for example..
so my project runs on Identity 2.2.0 (deprecated)
I migrated my project from .NET 6 to .NET 8
but still my code runs on the deprecated package.
it feels scary to update it!
I planning to add refresh token with my existing JWT
how should I go about it ?
What id colors setup do you use?
Do you have a video of how to customize the /register controller generated by NetCore Identity?
Just a Question how can we protect the Register call from getting called by anyone ?
Excellent video, as usual!!! Thank you.
Thats nice, but how about when you need to use it in a real world situation with old user database and information? i need to make custom sql query requests to fetch a custom user object that i then need to access from my controllers? i can't just use identity database because my user database is used systems coded 15 years ago
What about m2m and reference tokens? Also what about protecting api resources and using introspection to authenticate tokens? Also what about scopes
Awesome and informative as always!! 💯❤
Hmn, I don't want the generating authentication register/login. I have the table User in my database, how to use it for authentication?
same question !
How do you change the time the token expiresIn, it is 3600 by default. Also can you add roles using this method?
Asking after 3 months, do you find a way using roles with this method, and is it possible at all???
Hi, Thanks for the video. After authorizing , am not getting lock symbol in weatherforcost method. and still shows lock open and shows 401. But Authorized when i send Bearer and Token.Could you please help me to fix this. Thank you
I made the settings for Swagger like as you did, but it doesn't send the authorization header. And it only works with Postman. And I would like to ask you a tutorial about role-based authentication.
Thanks Patrick for this wonderful tutorial.
Why don't i have an authorization controller? There are no routs such as login, register, etc.
Hi Patrick, is it possible to invalidate bearer tokens created with this method? I am trying to create a logout endpoint for my app but I can't find a way to do this.
Cool stuff - thanks :)
When should I use Bearer Tokens instead of JWT?
Thanx for another great video!!!👍👍
So nice of you.Thanks!
thank you for this wonderful tutorial. I am however having issues replicating it fully. Everything works except authorization. I login and receive token. I use the token to authorize the swagger. But when I try to execute the weatherforcast endpoint, I receive the 401 response "Unauthorized" response. I have tried replicating your tutorial twice with different new projects and the result is the same. Please advise. Thanks
Hi Patrick, thanks so much for the video. I just have a quick question, with these new security controllers, is there a way for us to be able to override the default logic? E.g. if I wanted a bespoke /register controller
Hey, how can I add it to an existing web api ?
Thank you for using controllers! No enterprise application I know of using minimal apis
Would you consider doing a video on implementing custom OAuth identity providers in Blazor WASM Hosted, similar to your Google OAuth video, but for non-standard OAuth providers, such as Discord, Battlenet, Github, etc.
Is there a demo on how to setup .net 8 api with identity to google oauth with react frontend ?
Hello Patrick,
I'm a huge fan of your videos. I've bought a course on udemy too. In this case the video is nice and helpful too. But it would be good to let people know that using duende identity api's can be a license thema. So if you develop an open source application you've to inform everyone that if you use that application in a commercial context, depending on the size of your comopany you've to pay license fees to duende!
I would be very thankful, If you can make a video about Authentication and Authorization without Duendes Identity API's in .NET8.
Wish you all the best and thanks for your videos!
Hi, Does anyone have a hint how to limit options from this new identity for example to to delete two factors methods endpoint?
Amazing content, thanks a lot
My pleasure!
You did not install anything to use IdentityDBContext. Is it a built in thing?
Hey is the refresh token working by itself too and refreshes the bearer automatically if it is expired ?
please continue this tutorial make a part 2, to integrate it into a spa :D:D
Hi Patrick! I can't figure out how to change the time the token expires from 3600 to something like 30 days. I tried even to ask Copilot but it gives me wrong source code to change it. I even told it that I am using .NET 8. If you could give me a hint how to do it in .NET 8 it be great.
Hi Patrick!
This is pretty new to me as I am used to making my own code that does those functions.
How do you configure the Register controller?
For example lets say I want to also execute some other code when registration happens, or change the password requirements. How can I do that?
Very useful guide, thank you!
How can I retrive JWT insted of this bearer string?
Great video. Any pointers how to actually send an email when new user Registers new account? I am unable to view Register action and its unclear how to inject email action compared to a Web App. Thank you
That was amazing although faced few issues like separate DAL and lib version 7.0.11 . But I am able to achieve this with dotnet 8 and Postgress db Thanks
Need some guidance. If I want to use Identity in this way but instead of a password, use a one-time code instead, how could I achieve this, would appreciate any tips.
Hi great tutorial, I followed all the steps but after launching the API I didn't get endpoint like register , login etc. I only have default weatherforcast. Is there anything else I have to do to get other authentication end points.
Thanks
How can you modify these endpoints??? I want to add username but I couldn't do it :(, would be amazing if you make a video about it!
How do you scaffold identity API Endpoints
but now how i disable identity register route?
Great Tutorial!
Would love to see social login next.
Dumb question, how do you log out again with a httpOnly cookie?
Super tutorial. One question: how can we set the expiresIn value to something besides 3600?
Got it. For anyone else struggling:
builder.Services.ConfigureAll(option =>
{
option.BearerTokenExpiration = TimeSpan.FromDays(1);
});
You are the best. Thank you!
Great video, thanks Patrick. There seems to be one missing piece of the puzzle though. This is great from Swagger, but - when you need to send the cookie (as Bearer), then how is it possible to grab the aspnet cookie - from Wasm especially - to be able to pass it? I can't find anyway from Wasm to be able to grab the cookie (apart from AFTER rendered, via JsInterop which is too late - unless i'm missing something)
what if i want to make role for every user like ( ... Admin , User , SuperAdmin )
It's a handy tutorial. Could you tell me how I can custom API, such as I don't want to allow normal users to access the register API, only the admin or manager can access it?
So i have no access to those methods from the code?
How to add Roles, Claims etc? o_0
Hey Patrick thank you so much for great explanation of Authentication Flow with Identity in .NET 8 Web Api !! 👌Can you please explain or make a tutorial with MongoDb version of this one and/or the key points of implementation of MongoDb?
dear Patrick . Tank you for your great videos . I have one problem : How can i register and login user in blazor app server .net8 with api ? i want authorized API when user login to website . so i want create role for user that for example just admin access to [httppost] in controller.internal api or external api not defferent . Tank you very much
That's cool. Nice feature.
Thank you.
Great tutorial!! Thx
Great video Patrick. However, I must ask what was the improvement that has been made compared to previous version of dotnet? It'd have been nice if you quickly showed the previous way of doing Auth in dotnet. Great video bdw.
Hey! Here's the video with JWTs in .NET 7. Hope this helps: th-cam.com/video/UwruwHl3BlU/w-d-xo.htmlsi=v4pXBo-AIGl1tVuf
So, all of those APIs are ... just part of the packages and no code required?
What is the content of the cookie ? Does it store some session in database ? Its not jwt, what is it ?
it is in the Application memory.
Thank you Very much for this amazing video
Thank You! Great, simple, eficient. It would be nice if we could see something like a SSO with other API's and/or a Blazor client. 🙏
I've learned more in a couple minutes than I did in a full semester. Now, what if I want to generate api key in case I want to give other people access to some data without the need of an account?
Thank you. I hope you will make Role-based authorization for .net 8 in a web API
looking for Windows Auth without entityFramework. pls help!