JWT AUTHENTICATION In ASP NET Core with Azure AD | Getting Started With ASP.NET Core Series
ฝัง
- เผยแพร่เมื่อ 10 ก.พ. 2025
- Hey Friends, I am back with the much asked about video on Authentication. It did take some time to put together and I hope you find it helpful.
When building applications we often want to control access to it. The process of securing your application is commonly referred to as authentication and authorization.
In this video, let's learn how to protect your ASP NET Core Web API using JWT Bearer Token. We will be using Azure Active Directory as our identity provider and see how to integrate with it from our application and how everything works together.
🔗 Blog Post www.rahulpnath...
🔗Source Code - rahulpnath.vis...
🔗Protected Web API - docs.microsoft...
🔗 Microsoft Identity Platform - docs.microsoft...
🔗Token Flows - docs.microsoft...
🔗Implicit Flow - docs.microsoft...
🔗Postman - www.postman.com/
🔗Fiddler -www.telerik.co...
Additional Watching
📹STARTUP CLASS - • THE STARTUP CLASS In A...
📹MIDDLEWARE - • MIDDLEWARE in ASP.NET ...
📹ASP NET Core Series - • ASP.NET Core
Come say hi! ✋
🌍 Blog - rahulpnath.com/
✉ Subscribe to my Newsletter - www.rahulpnath...
🐦Twitter - / rahulpnath
📸Instagram - / rahulpnath
🎥 Recording Setup and Workflow - www.rahulpnath...
Video Edited by my wife, Parvathy 😍
Make sure to SUBSCRIBE to the channel. THANK YOU for helping me grow this channel !!
Hope you all enjoy this video Here is the source code I used rahulpnath.visualstudio.com/DefaultCollection/TH-cam%20Samples/_git/jwt-authentication
Do drop in your comments!
U are awesome buddy ....I am also a Dot net full stack developer.
Your video great 🙂👍
Thank you heaps! Glad you like it 😀
We are waiting for next video on Authorization and explicit flow.
@@mdabuzar2130 Thank you. Sure will do one.
Nice tutorial, but why do I'm having an invalid certificate? also if I used resource parameter, it's said it's not supported.
I like the fact that there is no filler in this video. To the point and precise. Subbed !
Thank you Sojan! Do check out the full series, I'm sure you will like it bit.ly/asp-net-core-series
Extremely good explanation of Authentication and Authorization. Also provides extra information about new tools.
Thank you for taking the time to explain this! Really loved the bits you dived into to show what requests are being made under the hood.
Great! Thank you Sahan. Yes, I have always felt that mysterious and never explained anywhere explicitly, which was particularly why dived in to understand a bit of the internals. Glad you particularly called that out. Made that effort paid 😀
One of the best tutorials on TH-cam! Thanks Rahul :)
Most welcome Bhanu. Do check out the full series here th-cam.com/play/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP.html
Rahul,
Very good video on B2C. Great explanation of the relevant topics. Precise and concise.
Glad you liked it
This is an excellent tutorial to understand the Azure AD authentication system. Very clear.
Great to hear!!
Hands down the best explanation on the JWT concept. Rahul - you rock!
Happy to hear Manish! 😀
Perfect explanation with simple language. Easy to understand. Thanks for the information
Glad it was helpful! Check out the full ASP Series here bit.ly/asp-net-core-series
Really good explanation of Authentication and authorisation concept❤
Glad you liked it Vinod! Hope you are liking the series bit.ly/asp-net-core-series
Excellent video sir , i solved my issues in auth after watching your video .. thanks man 👍👍
That's awesome and happy to hear. I am sure you will like the other videos in my ASP NET Series. Do check them.
Thanks for explaining it in the simple and best way... Keep making videos for Azure and.net core
Thank you Ashish, happy you liked it and sure will make more! Do let know if you have particular topics to be covered.
Rahul, Awesome. outstanding and confidence in explaining the concept and demonstrating it.
Glad you like it Anjan. Do check the full ASP Series here bit.ly/asp-net-core-series
Really loved the article. Waiting eagerly for the other flows as well..
Thank you for letting me know. Sure will add on the other flows soon! Meanwhile, you might like my other ASP Net Core videos th-cam.com/play/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP.html
Very good tutorial Rahul. If you could kindly create a video with a front-end application for obtaining the token and then passing to WebAPI, it will be very useful.
Glad you liked it Ananth. Sure will that's on my backlog list. Slowly catching up 😀
It is really helpful..not only this explanation..all your videos are very helpful
Thank you Moumanti !
Nice one!
easy to understand but I love to see more diagrams for the explanation details. Also love to hear more about best practives for JWT auth based on your own experience @rahul
i have read lot of things but this video clear alot
That's nice to know. Thank you Naveen. Do check out the full series here bit.ly/asp-net-core-series
Nice video. Cleared my doubts around authentication and authorization.
Glad to hear that - do check out the ASP Series bit.ly/asp-net-core-series
Very well explained. Thank you, Rahul! Moreover, the instructor has an intonation that makes me listen/watch carefully.
First time I haven't got distracted and watched till the end at once :)
Glad you enjoyed it Anar! Do check out other videos in this series here bit.ly/asp-net-core-series
I am sure you will like them too!
Wow it's very unique content over the TH-cam.
Thank you and happy you like it.
Amazing video. This is one of the best videos for .net core around oauth and openid
Super happy to hear that Praduman. Do check the other videos in this series here bit.ly/asp-net-core-series
Here is your another subscriber; Really awesome explanation; Keep doing the good work;
Welcome aboard Manoj! Do check out the full series bit.ly/asp-net-core-series. I am sure you will like it!
Great video! Thank you for taking the time to explain the concepts.
Glad you enjoyed it!
Very detailed and great description, good work my friend.
Thank you very much Raymond! Do check out the full ASP NET Series if you haven't already bit.ly/asp-net-core-series . Looking forward to see you around 😀
Really Very helpful for understanding all concept related to JWT
Thank you Jainith! You can check other videos like this in this playlist th-cam.com/play/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP.html
This video is totally up to the mark and straight to the point. Great work Rahul. Thanks
Glad to hear that Yuvraj! Hope you are enjoying the series bit.ly/asp-net-core-series
Great video. I hope you do more videos about this topic
Yes I have a few planned showing the various different auth flows
Sir, thank u so much for the clear explanation
Glad you found it useful Kowshik! Do check out the ASP Series for more bit.ly/asp-net-core-series
very nice video
Thanks Joy. Do check out the full series bit.ly/asp-net-core-series
@@RahulNath Brother could you please help me to with windows server active directory?
Thank you
@@joyjk. haven’t been doing anything with ad these days - what are you stuck with ?
@@RahulNath Brother, Can I mail you? Could you please give me your email? I replied several times but youtube deleted it.
sure mail details in about page 👍hello@rahulpnath.com
Hi Rahul, great video, do you have an example using Net core 2?
Glad you like it, Stas. No, I don't have any on .net core 2. Any issue you are facing? The overall flow is similar in there too, except for the libraries used.
Also, think .NET 2 is nearing its EOL dotnet.microsoft.com/platform/support/policy/dotnet-core
Sir, please make some videos on how to implement Azure service with .net sdks. Like storage account, Azure functions and many more.
By the way, you are one of the best teacher available on TH-cam.
Thank you Abuzar! So happy that these videos are helpful. I will add these to my list and will keep them coming.
Thank you for the post. Very well done video
Thank you! Here is the full ASP Series bit.ly/asp-net-core-series
Great explanation,
You always smiles two times one when start video while talking about subscribe and same in the end..
😂
@@hemsingh81 Haha yeah I've noticed that too. The smile somehow disappears when I start talking code. I am otherwise cheerful. 😂
Great video. Would like to see a Azure B2C version and the differences. Roles/claim in the JWT token, example Admin and User roles.
Great suggestion! thank you Arran
Which is the best from AAD and OAuth ? .. Can you do a tutorial contrasting these two.
Thank you for making this video. did you make a video on using authorization code flow as you mentioned in the video?
Unfortunately not Sanjay! That one is still pending 😀
Great video, thank you very much for the explanation! Such a good concise video, amazing!
You're very welcome Sllan!
Excellent video sire! what is the multiline vscode extension that you were using?
Thank you Vikram. I use the built in VSCode feature code.visualstudio.com/docs/editor/codebasics#_multiple-selections-multicursor
Is that what you are looking for?
Excellent Video Rahul. Very good insight on JWT.
Thank you Manish. You might find the ASP NET Core Series helpful too - th-cam.com/play/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP.html
Hi Rahul This is gr8 understanding, Thanks., I need your help in way, like I have old application which used microsoft Identity for user management, Now My requirement is to upgrade application and bring to cloud using Azure. now I need to work on User management section using Azure AD B2B integrated, So how use existing usermanagement or completely need to create new. and What we have to do of existing Identity tables like aspnetusers,aspnetrole ectc. please suggest video where I can get help to inegrate end to end userlogin logout in webappilcation and authorization in webAPI as well I'm using .net 7.0.
Hey, Can you please help with encrypting and decrypting the JWT? It doesn't seem to work in dotnet.
This video deserves the move views and likes. Good job, Rahul!!
Thank you Amnesh. Such positive comments are encouraging!
@@RahulNath I did a POC around DbUp as you suggested earlier on twitter. POC was awesome and everyone liked it. Looks like I'm becoming a fan of your videos. You are an Awesome Man.
@@dr.amneshgoel1416 That's so good to hear and glad you liked DbUp. Do let me know if there are any particular areas you are looking for and I can try and cover them.
@@RahulNath I'm good for now and thanks for checking. I had tweaked the scripts folder structure to make it more cleaner like DDL, DML etc., just to separate sql scripts in different folders.
Overall I'm good there.
@@dr.amneshgoel1416 Great!
Can you plz consume the WebAPI into the Web Application and do the same as you have done using Postman tool
Great suggestion Ali. Yes, I have a video planned on that side and showing the different libraries available and how that works. Still working on it. Thank you for watching this.
Excellent video, really excellent.
Very detailed explanation. Thank you
Glad it was helpful Umesh! Do check out the full ASP NET Series bit.ly/asp-net-core-series
Great video. Easy to understand and follow.
Glad you enjoyed it! Do check out the full ASP Series here bit.ly/asp-net-core-series
Rahul...you are simply Awesome
Thank you Gaurav! Do check out the full series here bit.ly/asp-net-core-series
@@RahulNath will go through it
@@gauravparikh1205 Let me know if you have suggestions and feedback!
@@RahulNath Thanks Rahul I am running with one problem getting below error in Linux docker "Windows Cryptography Next Generation (CNG) is not supported on this platform" , what is the best mechanism for Cross platform cryptography. Specially I could encrypt in angular and decrypt in C# webapi and more important should run with Docker image in LINUX
How do i store the token that i get in my redirect Uri. Can i do that 💀. Im new to programing btw trainee
Great Videos Rahul .. great content, to the point videos .. Thank you !!!
Glad you like them! Hope you are liking the full series th-cam.com/play/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP.html
Best video on AD Auth.
Glad it helped. Do check out full ASP Series here bit.ly/asp-net-core-series
can we have the Oauth client on-prem or is should be in Azure for it to be registered in Azure AD? Thanks! ( very clear explanation )
The user must have credentials to login and should be registered in AD. But can access it from any where.
great explanation ..............
Glad you like it Shubham. Do check out my other videos in this series. You might like them!
Thanks for your video, very clear!
You are welcome, Lam!
Thanks for the tutorial.One issue i am facing ..i am getting the token generated in response but the token in not validated when making get request in post .It returns 401.
You are doing a very great job. I'm following all your videos one by one. Keep it up bro. Can you please share the Other part of Remaining Authentication and full video on authorization .
Thank you and happy you liked this. Unfortunately I haven't made the second video yet. Here's the full ASP Series bit.ly/asp-net-core-series
Wonderful explanation!!!
Thank you , glad you liked it . Hope you are enjoying the ASP Series ?
Very well explanation bro... All your videos are worth watching and grad the knowledge... Keep doing good work bro...
thank you, happy that these are helpful!
Hi Rahul, When I am passing the access token in authorization section of postman.. its still showing not authenticated..
Hard to tell tell without seeing it. suggest double checking the token version, inspecting it and making sure you have everything correct. There is a related post to help walk through www.rahulpnath.com/blog/jwt_authentication_asp_net_web_api/
@@RahulNath Hi Rahul, Token is showing not authenticated in postman and also in application. please guid im gothough above link but it can't help.
@@jaiminsolanki8849 Hard to tell why that would be. Did you try looking a the token using jwt.io? Suggest going through the video again and trying the steps once again if possible?
@@RahulNath Thanks for the reply, I have fixed issue with add redirect url "localhost:5000/" in Authentication of App Registration into Azure Active Directory.
@@RahulNath Also Updated scope parameter as "&scope=/.default" into Token Request URL.
Hello @Rahul, could you please make a video on how to consume API which has JWT authentication?
Great suggestion - yes I have that in my list! Hope you are liking the series bit.ly/asp-net-core-series
Thank you very much. I deeply understand jwt token. Thanks
Glad to hear that. Hope you are enjoying the full series bit.ly/asp-net-core-series
Very helpful topic and thank you so much for your time.
Glad it was helpful Anand!
Thank you great content ... Can u make a real time application with all the concept you talked in all video ..it will help alot ..just a suggestion
Thank you Shashikant for the suggestion. It's very valid. Yes I do plan to do a real time application covering all these concepts some time. It was my original idea too. Once I cover most of the basic building blocks I'll start doing such videos. (Also it needs a lot more effort 😀)
Enjoying your videos Rahul. Very nice!!! Can you please extend this video by securing Microservices through Azure API Management, Azure AD and authorizing APIs using role based access control.
Great suggestion Srinivas! Thank you
nice explanation Rahul
subscribed and waiting for the video about the authorization code flow
Thank you Ahmad! Yes need to start working on that video 😀
Here you mention return path as localhost:5000, but when you are running you api 44334. what is the difference in that??
Good catch Rajesh. That is the callback URL. Since in this case I did not have any front-end application but got the token from the browser URL itself it worked fine. Otherwise that is the URL to which Azure AD will redirect to. So it needs to match the URL where your application will be hosted so that it can automatically get the token from the redirected URL. Hope that clears your question.
@@RahulNath thanks, love watch your videos. keep going.
@@Rajeshsingh-ws5th Glad you do!
Hi Rahul,Thanx for sharing knowledge.
Can you please create video on JWT authentication in .net with AWS API gateway
Thank you Sameer for the feedback. Did you have any particular Identity Provider in mind? What do you use on AWS instead of Azure AD?
Thank you for the topic, which I exactly looking for!!
Glad it was helpful! Do check out the full series here bit.ly/asp-net-core-series
Hello good sir. When will you cover the authorization code flow approach? It's been two and a half years since you made this video😭
I understand nothing, do you have any prerequisites videos to better be prepaid for this video?
Hey Sergey, What are you not understanding and what is it you are trying to learn ?
@@RahulNath Thank you for answering. Your information is very concentrated. I need to start from examples of basic principals of authentication. May be from JWT AUTHENTICATION In ASP NET Core for simple use cases. The best style of examples and most clear explanation I found so far in the blog of Tony Spencer ASP.NET Core 5.0 - Authentication/Authorization - .Net Engineering Forum 2021-01-26, but unfortunately he is covers only cookies
@@sergeyfilat4238 Check out this video if that helps you th-cam.com/video/SFLG-gStXC0/w-d-xo.html
I would also read the official docs around these. In this video I try to explain the overall flow with the authentication which uses Azure AD. Still relevant to many other providers to understand what happens under the hood etc.
@@RahulNath I watched your link, it is very helpful, thank you. Now it is easy for me to go through your video too!!! How did you find it? Do you know another videos similar to th-cam.com/video/SFLG-gStXC0/w-d-xo.html ? Can you create such introduction videos so more people could watch your channel?
@@RahulNath I watched your link, it is very helpful, thank you. Now it is easy for me to go through your video too!!! How did you find it? Do you know where to find similar introduction videos? Can you create such introduction videos so more people could watch your channel?
I try this and works fine when login by paste the URL directly to the browser. But it fails to validate token when using Angular (SPA) where the token is sent by the Angular app. Any suggestions?
Subscribed. Very informative. Very few people use Rider though. :)
Thank you Anurag. Haha yeah true. I got a free subscription and started trying it out and like it. Main advantage is how easily I can go into the implementation of framework libraries.
@@RahulNath I hoped for a Community edition of Rider but it isn't available. The trial version I suppose is only valid for 30 odd days. Having said that, Rider looks very cool and rich features oriented.
@@anurag3487 Yes it is great IDE. They used to have Early Access Program, but looks like it's closed now www.jetbrains.com/rider/nextversion/
Excellent Video Man. Wow. Subscribed
Thank you Sanjay !
Are you doing another video on Authentication @Rahul?
@@sanjayi6245 Nothing planned yet. What did you want to be covered?
Is that Azure AD work on .NET Core App or Only Work in .NET Core API?
Do you have example for WebApi for OAuth implementation?
Not yet - it's something I have to get to doing a video on.
awesome explanation
Glad you like it Nitesh! Hope you are liking the ASP Series bit.ly/asp-net-core-series
Hi Rahul, Lots of learning from your videos... leaving a question for you.. What can be done if tokens are compromised?
Happy you are liking it Rahul. Check out how you can revoke tokens docs.microsoft.com/en-us/azure/active-directory/enterprise-users/users-revoke-access?WT.mc_id=AZ-MVP-5003875
Also do read about token lifetimes in general docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes?WT.mc_id=AZ-MVP-5003875
Let me know if that answers your question.
@@RahulNath Thanks Rahul :)
Azure AD B2C pleaseeee with front end app
wonderful job! Congrats!
Thank you very much Andre!
Is there another video for multi tenant application?
Also loved this tutorial!
If not yours - do you have a recommendation for the next video to watch?
Glad you liked it Heer. Unfortunately I don't have a specific recommendations for that, but I will add this to my list. Any further details on the specific scenario you are looking for
Hi, Rahul. Thanks for this video, it's really very clear explanation about Azure AD. But I have question about acquire silent token and about scopes of Microsoft Graph. How to close with authorization our resource (API's) and why do we need this scopes in Azure AD?
while hitting URL to generate token,
I am getting "The account needs to be added as an external user in the tenant first".
Can anyone help me on this?
Hi Rahul, thank you for the awesome tutorials. Your tutorials are easy to understand and has cleared my doubts.
Could you please make a video on jwt refresh tokens and implementing it in live application. Once token generated how to store it and use it multiple times.
Great suggestion Amit - Yes I have one in my list to record!
Great Video ! Still waitng for your video for the access code flow ;)
Thank you Louis! Thank you for the push. I will start working on it soon!
You are awesome. Great content
Thank you Bruce! Do check out the full series here bit.ly/asp-net-core-series
Really helpful. Thanks
Glad it was helpful, Sivaramkumar!
Really helpful, can you pls make a similar one for Azure Function HTTP triggered Function App, could not find any on that topic, Thanks
Thank you for the suggestion Sohail. I have added it to my list, will make one. Between do checkout the other videos in this series
th-cam.com/play/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP.html
Hey I had followed up the same steps but when I am trying to use the bearer token to hit the weather forecast api from postman…I am still getting “Not authorized” error
Is it this video that you are using the weather forecast API? If it's unauthorized possibly the API key is wrong or having some issues, have you double-checked the setting in the weather API app?
awesome
Thank you. Do check out the other videos in this series th-cam.com/play/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP.html
while posting the implicit flow request URI , I am getting this error which says " The 'resource' request parameter is not supported."
Please Help!
What URL are you using ? Can you double check with the URL mentioned in the associated blog post www.rahulpnath.com/blog/jwt_authentication_asp_net_web_api/
How can I use this lifecycle from within my application, without using fiddler ?
Good question Ahmad. This video was intended to show how all these different concepts work together. Based on the type of application you are developing you will be choosing different authentication flows as mentioned here. (I do plan to cover them some time on this channel) docs.microsoft.com/en-us/azure/active-directory/develop/authentication-flows-app-scenarios#scenarios-and-supported-authentication-flows?WT.mc_id=AZ-MVP-5003875
@@RahulNath thank you, great job
Can you make a video to authenticate/authorize a Blazor APP with AWS Cognito?
Thank you for the suggestion. I have Cognito on my list 👍
Hello Rahul, I'm using the [Athorize] annotation in my controller and my response returns a valid token, but when I try to access my api via postman or swagger I always get 401. Any idea why?
Are you passing the correct token with the requests from postman ?
@@RahulNath I solved it, at least it worked for me by copying the url to obtain the token as it is, if it is not completely the same, it will not work, even if the token is valid
Thank you sir! ( my questions: What if the token is expired )
It will throw an error in the API and the UI/caller is responsible to refresh the token. Does that help?
Excellent video
Thank you Vinoth. Do check out my other videos in the ASP NET Series, you might like them! th-cam.com/play/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP.html
thanks, I followed what you did and it worked. but when I replaced the auth endpoint to v2 its not working, only v1 is working with the way showed.
I talked about this at around 10:00. Did you try fixing the configuration? Try debugging the token you are getting in jwt.io and see if you are able to find any differences.
Excellent video. Are you planning to make any Authorization code flow video? :)
Glad you like it Mario. Yes I do plan to make a few follow up videos around the different Authorization scenarios. Can't promise a date yet though (needs a bit more reading to be done 😀)
Great Explanation. Thank you. I have a query :- Is there any sample available for converting existing MVC Application from form authentication to Azure AD authentication
Thank you Ravindra, glad you like it. I am not sure of any such sample.
Getting this error The reply URL specified in the request does not match the reply URLs configured for the application
Double check the URL - usually happens where there is a mismatch on the URL used.
I receive an Not Authenticated, what can it be?
Hard to tell without seeing Francisco. Do check the jwt.io the token info and also ensure the token versions are correct.
same for me, even thoug receiving the access_token