To get the complete course: frankliucs.com/identity
Man, your way of teaching is so simple. First you show me what the problem we are going to solve rather than simply doing it. Thanks a ton
I liked the playlist you have created for "ASP.NET Core Security"; it helps a lot!
Great Explanation. This series is much better than Pluralsight courses. Thank you so much!
Glad that it helps you with your study and work and thanks for supporting me!
Best Explanation on Authentication and Authorization
Hi Frank,
You have explained this in a very simple way which is very easy to understand.
Can you show this with one example using a JWT token as an authentication token instead of a cookie?
JWT is covered in the full course, but I don't remember if it covers the exact scenario.
@FrankLiuSoftware,
Thanks for your quick reply.
Please share the video link
Excellent videos!! thanks!
You are really amazing..
very well explained both parts. kudos!
Thanks a lot. Is there a big difference between us using Policy= instead of Roles=?
Policies are more flexible.
Awesome tutorial in the series, Frank.
Could you do an episode that uses Identity (UserManager, etc.), EF Core coupled with user registration and confirmation?
These are the first part of my course on ASP.NET Core Identity and security. Those will be in the full course for sure.
@FrankLiuSoftware thank you Frank.
Should Claim types be saved in the Authentication DB as well so that I can dynamically create the Claims depending on the user's role? Something like:
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, UserLogin.UserName),
        new Claim(UserLogin.ClaimType, UserLogin.ClaimValue)
    };
where UserLogin is what's been returned by the auth db upon successful authentication.
Yes of course, I guess he was only hard coding this for demo purposes. In real world applications, you'd probably assign claims dynamically from the database when a user is authenticated successfully.
Should the policies and requirements be written in the resource server or the auth server?
Policy and requirements are for protecting resources. Hence, unless your auth server is your resource as well, they will have to be written on the resource server. Even when you use an external auth server like Identity Server, Azure or other third-party solutions, you will still need to write your own policies to protect your resources.
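
Added example (not from the video or the course): the two points discussed in the comments above, claims built from auth DB rows and a policy defined on the resource server side, put together in one console program. It assumes a reference to Microsoft.AspNetCore.Authorization; the UserClaimRow record, the "Department" claim, the HR-only policy and the sample users are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Constructed stand-in for the rows an auth DB returns after a successful login.
record UserClaimRow(string UserName, string ClaimType, string ClaimValue);

static class ResourceServerDemo
{
    // Build the principal from stored rows instead of hard-coded claims.
    static ClaimsPrincipal BuildPrincipal(string userName, IEnumerable<UserClaimRow> rows)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, userName) };
        claims.AddRange(rows.Where(r => r.UserName == userName)
                            .Select(r => new Claim(r.ClaimType, r.ClaimValue)));
        // A non-empty authentication type marks the identity as authenticated.
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "AuthDbLogin"));
    }

    // The policy belongs to the resource server. In a web app it would be registered
    // with AddAuthorization/AddPolicy and enforced via [Authorize(Policy = "...")].
    static AuthorizationPolicy HrOnlyPolicy() =>
        new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .RequireClaim("Department", "HR")
            .Build();

    // Run the policy's built-in requirement handlers against a principal.
    static async Task<bool> SatisfiesAsync(AuthorizationPolicy policy, ClaimsPrincipal user)
    {
        var context = new AuthorizationHandlerContext(policy.Requirements, user, null);
        foreach (var handler in policy.Requirements.OfType<IAuthorizationHandler>())
            await handler.HandleAsync(context);
        return context.HasSucceeded; // true only if every requirement was met
    }

    static async Task Main()
    {
        var rows = new[]
        {
            new UserClaimRow("alice", "Department", "HR"),
            new UserClaimRow("bob", "Department", "Sales"),
        };
        // "mallory" has no stored claim rows: authenticated, but no Department claim.
        foreach (var name in new[] { "alice", "bob", "mallory" })
            Console.WriteLine($"{name}: {await SatisfiesAsync(HrOnlyPolicy(), BuildPrincipal(name, rows))}");
    }
}
```

The policy check depends only on the claims the principal carries, so it works the same whether those claims came from a local database or from a token issued by an external auth server.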