Amazon Cognito Token Authentication in ASP.NET Core With JWT

  • Published on 5 Sep 2024

Comments • 50

  • @MilanJovanovicTech 5 months ago +12

    Get the source code for this video for FREE → the-dotnet-weekly.ck.page/cognito
    Want to master Clean Architecture? Go here: bit.ly/3PupkOJ
    Want to unlock Modular Monoliths? Go here: bit.ly/3SXlzSt

  • @antonmartyniuk 5 months ago +7

    Awesome that AWS finally reached out to Milan so he can create AWS videos

  • @Kron0s19 5 months ago +4

    Great video!
    I have a specific question regarding the customization of token authentication. How can one push a "custom claim" to the identity provider in this setup? Custom claims are crucial for fine-grained access control and personalizing the user experience.
    For a follow-up video, I think it would be incredibly beneficial to explore how to migrate an existing application that uses Entity Framework Identity to this new authentication mechanism. Many of us work on legacy systems or projects that aren't starting from scratch, and the challenge of migrating to a more modern authentication solution like Amazon Cognito, especially concerning handling passwords and user data securely, is a significant hurdle. A detailed guide on this migration process, including best practices for handling sensitive data like passwords during the transition, would be invaluable to developers.

    • @MilanJovanovicTech 5 months ago

      You can give this a try: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
      I usually run Authorization checks on the backend, based on the User ID, and then cache the result for a short period

  • @michajabonski8152 19 days ago

    Excellent tutorial. Just one little correction: you need to use /.well-known/openid-configuration in your MetadataAddress in appsettings.json. If you only paste your Authority, the whole thing doesn't work. BTW, I had no problems with UseHttpsRedirection();

    • @MilanJovanovicTech 19 days ago

      Doesn't it end up being the same though? Authority (the setting) is part of /.well-known/openid-configuration
      Edit: I see now what you mean. I started off with the correct setup, but ended up copy-pasting the Authority twice. Although this is most likely fixed at runtime, since the end solution ends up working.

    • @michajabonski8152 19 days ago

      @MilanJovanovicTech yeah must be fixed. But I got a bit confused figuring this out myself.
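
The Authority / MetadataAddress point from the exchange above, as an added example (not code from the thread or from the video's source). It assumes a minimal API with the Microsoft.AspNetCore.Authentication.JwtBearer package; the region, user pool id, app client id and the `/me` endpoint are placeholders. It goes one step beyond the thread by also checking `token_use` and `client_id`, since Cognito access tokens carry no `aud` claim.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Placeholders (assumptions): substitute your own region, user pool id and app client id.
const string Authority = "https://cognito-idp.<region>.amazonaws.com/<user-pool-id>";
const string AppClientId = "<app-client-id>";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = Authority;
        // MetadataAddress is the discovery document URL, not the issuer URL.
        // When it is left unset, the handler derives this same URL from Authority.
        options.MetadataAddress = $"{Authority}/.well-known/openid-configuration";
        options.MapInboundClaims = false; // keep the JWT's own claim names ("sub", "client_id")

        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = Authority,
            ValidateLifetime = true,
            // Cognito access tokens carry "client_id" rather than "aud",
            // so the audience check is replaced by the event handler below.
            ValidateAudience = false
        };

        options.Events = new JwtBearerEvents
        {
            OnTokenValidated = context =>
            {
                var user = context.Principal!;
                if (!user.HasClaim("token_use", "access") || !user.HasClaim("client_id", AppClientId))
                    context.Fail("Not an access token issued to this app client.");
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/me", (ClaimsPrincipal user) => Results.Ok(user.FindFirst("sub")?.Value))
   .RequireAuthorization();
app.Run();
```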

  • @farzinfaghirnavaz1027 22 days ago

    eagerly waiting for the next video

    • @MilanJovanovicTech 22 days ago

      Thanks. Did you check the Keycloak videos?

  • @thiagomatu 5 months ago +1

    Thanks for this video Milan.
    Have you already recorded the Azure approach?

    • @MilanJovanovicTech 5 months ago +1

      What would be the Azure approach you have in mind?

  • @rodjenihm 5 months ago +1

    Why does https cause the problem? From what I remember I have used https with other Identity Providers locally without any issue.

    • @MilanJovanovicTech 5 months ago

      Not a Cognito issue - it's a problem with UseHttpsRedirection middleware. More info here: learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl

  • @joshuagabal9444 5 months ago

    Thanks for the video, Milan. What can you do if you have 2 different kinds of users? For example an organizerUser and a customerUser. The organizerUser has different rights and only he can access specific endpoints that the customerUser cannot reach. How to model that with AWS Cognito?

    • @MilanJovanovicTech 5 months ago

      You can add custom claims, and use those to authorize the user

  • @emanuelcordovamontiel1017 5 months ago

    Now that you're showing AWS tech, could you show us how to implement Clean Architecture with AWS Lambda Functions in a .NET project? Can't wait!

    • @MilanJovanovicTech 5 months ago +3

      AWS Lambda? Writing that down, could be an idea for a next project.

  • @andy301086 2 months ago

    Cool video, thank you. Do you have any video for Keycloak and OpenIddict?

    • @MilanJovanovicTech 2 months ago +1

      Haven't made one for Keycloak yet (other than in my courses 😅). I'm planning to make an intro video on Keycloak at some point

    • @andy301086 2 months ago

      @MilanJovanovicTech I am just trying to take a look at some open source free solutions for identity and figured out that there are a couple of them😂 no silver bullet😂😂

  • @shauncs 3 months ago

    Any thoughts on using Cognito for Blazor WASM applications?

  • @PelFox 5 months ago

    Is it possible to keep an existing user database on-prem without moving users to AWS? We don't want to force all users to change password or create new accounts.

    • @MilanJovanovicTech 5 months ago

      I haven't tried it, but I expect there is a feature for user import. Let me do some digging 🤔

  • @kembridzkembridzowski5397 5 months ago

    I use gateway for authentication when working with cloud providers. What are possible use cases / benefits of authentication in the code?

    • @MilanJovanovicTech 5 months ago

      The gateway does the same thing as demonstrated here

  • @gilbertsenyonjo963 4 months ago +1

    Man. You really know dotnet. What I don't understand is why you're using AWS instead of Azure. Isn't that a clash of tech-stacks?

    • @MilanJovanovicTech 4 months ago

      If all you have is a hammer..

    • @rsgilbert6152 4 months ago +1

      @MilanJovanovicTech I am not getting the metaphor. What's the hammer? Is it Microsoft? Is it dotnet? And what are the nails?
      I think Microsoft offers first class support for dotnet. This is not the case with AWS. You'll find that for the serverless stack like AWS Lambda, they use JavaScript in their developer documentation, which means that they are mostly trying to capture the JavaScript developer market. Python is a close second.
      In Azure documentation, C# is used in almost all code examples.

    • @MilanJovanovicTech 4 months ago +1

      @rsgilbert6152 I just think we shouldn't be confined to any cloud provider. Learn all of them. Learn how to deploy things yourself. An API and DB Server aren't too complicated. And if you're at scale, find people who are really good at managing that kind of infrastructure.

    • @michajabonski8152 24 days ago +1

      Cognito equivalent on Azure is Azure AD B2C and that is really painful to work with.

  • @LucasHenriquedeBrito 5 months ago

    Is there any video with the same goal but using Azure resources (Azure AD B2C)?

  • @carlosportillo6915 5 months ago +1

    Great video, thanks for sharing

  • @TilanBethmage-q9g several months ago

    Can we implement RBAC using Cognito?

    • @MilanJovanovicTech several months ago

      Yes: docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html

  • @Short-CastClips 5 months ago

    Why is there an issue with https? How can we overcome it, because I would want my app to be on https

    • @MilanJovanovicTech 5 months ago

      It's unrelated to Cognito. But you can check this out: learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl

  • @iq4u213 5 months ago

    You are awesome, just like your videos :)
    I hope you make a video about adding Google authentication to an ASP.NET Core Web API, not MVC, and it should also work if you already have JWT authentication using email and password with ASP.NET Identity.

    • @MilanJovanovicTech 5 months ago +1

      That's a great suggestion

    • @iq4u213 5 months ago

      @MilanJovanovicTech Thank you 🥰☺

  • @emanuelcordovamontiel1017 5 months ago

    OMG. This is amazing! 😛

    • @MilanJovanovicTech 5 months ago +1

      Hey, thanks. I'm glad you liked it :) It's a bit slow, but it should help people starting out with Cognito.