Omg Bro, you're incredible. I tried to add this functionality for a very long time and nothing ended with success. But your video solved my problem just in 30 minutes. And one more thing, your English is very understandable for non-native speakers. Thank you a lot!
Thank you - this was perfect! I liked the fast pace and length of the tutorial. Your tutorial is uncluttered, clear, and to the point. Keep making more!
Great video, @Code with Julian. Well done. In the Authenticate method in the LoginController class, there's no need to check for null. The Linq FirstOrDefault(...) will return null if the user with the conditions is not found, otherwise, it will return a user model. Thank you for the video.
Your tutorial is amazing, very much what I was looking for to create a production-level API with authentication, you explained stuff clearly, very detailed and well-explained and code is easy to follow without complexity and unnecessary filler codes that can be used as a template in corporate APIs. I've had paid subscriptions on Pluralsight and LinkedIn Learning, but the way you teach and this example topples most of the ones I've seen in those paid online courses where all they've done is pad their tutorials with unnecessary junk of codes to make it longer but pretty difficult to implement! I've subscribed and will definitely watch all your videos, thanks and keep it up!
Hey Brad! First of of, thank you very much for your kind words. I wish you guys would feel the same way I feel when you leave these nice comments. It truly brings joy and motivation to keep going! Secondly, I'm happy that you've found this tutorial valuable, I try to cut the fluff as much as possible, without compromising on essential details on the subject. Thank you again for your comment and I hope you have a great day!
Thank you for the simple and effective explanation. I was really stuck on how to decode jwt token to get user detials, and didnt got any perfect solution for this problem. But you did a great job at this.
I was looking for this for a long time. Watched tons of garbage. Finally I've found the exact video I was looking for. Every single thing I need is in the video. Thanks for sharing this useful tutorial.
there is very important point for UseAuthentication method call. The calling order should be like that for net5 and upper versions, app.UseAuthentication(); app.UseRouting(); app.UseAuthorization(); Otherwise you will continue to get 401 error due to middleware execution order.
thanks a lot man. I was facing the 401 issue and I really worked so hard to fix it but I was unable to fix it. So lastly I start reading the comments and found urs. Thanks a lot 🎉
Best Video to learn about JWT TOken Authentication and Authorisation 1. Simple explanation 2. Clear command over topic 3. step by step by explanation 4. Working code link
Hi Julian, nice one. Love this tutorial. But please you said at 15:06 that this isn't a proper authentication and we shouldn't do it in production, so what do you suggest or would say is a proper authentication. Would you mind doing a video on that? So we learn the proper way too. Or do you say so because you used Constants instead of an actual database? Thanks
any idea, why I am getting below error when I try to access API having [Authorization]? System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions).
great Tutotial is just that i need, please have a question how pass this auhorization in a method of mvc, i tell you i put the [Authorize] in one method but altougth im autheticated the response is unauthorized please and thanks for your time
I created an asp.net core mvc web application for individual accounts. I abstracted out EF core, and have all the authorization/2FA, pw reset, email authorization, account lockout... etc, handling in place. I eventually would like to create a mobile application to go with it. I planned on having the user use the website for setting up/editing their account personal details, and password changes/reset. I figure right now is a good place to create the Web API and start configuring now common data access/changes the web app and mobile application will use. What is the best way to approach this, and leave the current authorization/authentication in place for the web application, but have it also authenticate to the web api? Thank you!
Please for the love of all things good, where can I find the article on this within the microsoft authentication. I would like to read on it for indepth details
Excellent tutorial !!!, my english is basic and i use the automatic provide for youtube translator in spanish and is a really nice, this is because u audio is so god. Thanks :)!
Short and to the point, Thanks Julian. I have 1 doubt .what is the significance of creating new instance of UserModel in getCurrentUser method in UserController?
hi, i have a question. can i use jwt as authentication, then i have 2 client which is web and mobile apps. so when user log in in web it will get access token for that web client, and when the same user log in into mbile apps it will get access token for that app client. therefore if 1 of the client is logged out by the user, the other client shouldnt log out. just want to know is this still correct practice. because i have confused with identityserver, AOuth 2.0
you are amazing can you do a vedio on sending requests from a client react app side to the api,i would like to see how it works with jwt,am interested in the logic.Otherwise your tutorial is the best on jwt
I have a couple questions, first though, great video!! 1. You stated that your user authentication....where you compare the login and password is not correct? What was wrong with that? 2. In the JsonSettings you had two URLs you pasted in, Issuer and Audience, if my api is hosted on say Azure, do I use the web api url for both? 3. My app will mainly be used off line. The backend is murely sure syncing...when the user has service....I have been leaning towards just basic authentication. This app doesn't really house any PII information. I am confused how the token would be used for offline?
Hi thanks for your feedback and questions: 1. That was a mock authentication process for the simplicity reasons. In reality, you'd integrate ASP.NET Identity or a related framework to take authenticate the user for you. Here's how you could do it 👉 th-cam.com/video/5UfJeDcoC1k/w-d-xo.html 2. I will probably make a separate video on deploying a such application Azure in the future. 3. I'm not familiar with the requirements of your application, but from what you've said, if you don't wish to store user data yourself but still require authentication, you'll need to integrate with a 3rd-party tool, i.e: Okta, Google.
Hey Julian, thanks for this informative video. I appreciate your efforts to make this useful content. I liked how you explained all about JWT & authentication in steps. Thanks and keep sharing. Edit: I subscribed the channel. 😊
This is a great video! One thing i want to ask. When you have multiple controllers and you want to get the authenticate user from getCurrentUser method. Where is the best practice to put getCurrentUser method? Do i need to build a repository/service for that and inject it to every controller that will need authentication/authorization? thanks
Well done! Super clear and to the point! Would you reckon it's a good idea to fetch the data from the Database based on the Username that's passed in with the claims when hitting "AdminsEndpoint"? For instance, let's say someone logged in, was assigned the JWT, and then tried to access their profile settings by entering the endpoint "MyProfile". Would this be a valid way of making sure that it's only accessing it's own page?
Hi Payload thanks for the feedback, great channel by the way! This tutorial was to demonstrate how a JWT is generated and composed of, and how to create endpoints that are designated for specific security roles. In an enterprise application I would only pass in the user Id to the _MyProfile_ endpoint. The asp.net core role-based authorization will take care of granting/denying access to that endpoint (based on the JWT stored). Finally, if the user is granted access to that endpoint, they will only ever receive the profile data associated with their user id. Hope this helps!
@@CodeWithJulian Doesn't that mean that if I take away access, it takes up to 15 minutes for it to apply (or whatever the timeout is set to); since technically the jwt token is still valid and this isn't really being checked every request? Seems a bit risky to me?
@@ruadeil_zabelin The general consensus is that is best practice to set the expiration time to 15 minutes tops. Feel free to lower that limit depending on the case. Hope this helps!
Omg Bro, you're incredible. I tried to add this functionality for a very long time and nothing ended with success. But your video solved my problem just in 30 minutes. And one more thing, your English is very understandable for non-native speakers. Thank you a lot!
Thanks, really appreciate your feedback, happy it's been useful!
If you are using .NET 6, add this to your program.cs file
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = builder.Configuration["Jwt:Issuer"],
ValidAudience = builder.Configuration["Jwt:Audience"],
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"])
)
};
});
var app = builder.Build();
Bro this tutorial just saved me today, thanks so much, your calmness and pace of everything in the way you teach is excellent please keep it up
Clear, crisp and quality teaching by saving the time too, great man!
Thank you - this was perfect! I liked the fast pace and length of the tutorial. Your tutorial is uncluttered, clear, and to the point. Keep making more!
the best on youtube that explaine it , the exemples of success and failings , helps a lot , keep it up sir
This is the best tutorial on JWT Authentication and Authorization I've ever seen so far, Thank you so much for your efforts.
Complex matters explained with simplicity. Thank you for sharing your great work!
Great video, @Code with Julian. Well done.
In the Authenticate method in the LoginController class, there's no need to check for null. The Linq FirstOrDefault(...) will return null if the user with the conditions is not found, otherwise, it will return a user model.
Thank you for the video.
Your tutorial is amazing, very much what I was looking for to create a production-level API with authentication, you explained stuff clearly, very detailed and well-explained and code is easy to follow without complexity and unnecessary filler codes that can be used as a template in corporate APIs. I've had paid subscriptions on Pluralsight and LinkedIn Learning, but the way you teach and this example topples most of the ones I've seen in those paid online courses where all they've done is pad their tutorials with unnecessary junk of codes to make it longer but pretty difficult to implement! I've subscribed and will definitely watch all your videos, thanks and keep it up!
Hey Brad! First of of, thank you very much for your kind words. I wish you guys would feel the same way I feel when you leave these nice comments. It truly brings joy and motivation to keep going!
Secondly, I'm happy that you've found this tutorial valuable, I try to cut the fluff as much as possible, without compromising on essential details on the subject.
Thank you again for your comment and I hope you have a great day!
It's the subject I've been looking for for a long time and the best resource I've found. Thanks...
Thank you for the simple and effective explanation. I was really stuck on how to decode jwt token to get user detials, and didnt got any perfect solution for this problem. But you did a great job at this.
Glad the tutorial has been helpful to you! Thanks for sharing that!
This is very well done, thank you so much for making this!
I was looking for this for a long time. Watched tons of garbage. Finally I've found the exact video I was looking for. Every single thing I need is in the video. Thanks for sharing this useful tutorial.
Thanks for your feedback! I'm glad the tutorial was helpful to you.
there is very important point for UseAuthentication method call. The calling order should be like that for net5 and upper versions,
app.UseAuthentication();
app.UseRouting();
app.UseAuthorization();
Otherwise you will continue to get 401 error due to middleware execution order.
Thank you so much for this help !
Thank you so much for this comment
thanks a lot man. I was facing the 401 issue and I really worked so hard to fix it but I was unable to fix it. So lastly I start reading the comments and found urs. Thanks a lot 🎉
Thank you so much!
Just passed by that one and it was so straight-forward for me. Keep it up and thank you for such an awesome content
Great Tutorial, you should post one where you refresh the tokens.
short, to the point, and a nice tutorial. Kudos to Jason and Elysse
Thanks for the feedback!
Just like a pro
do you have any plans to make a version of this tutorial for blazor server ? because blazor server uses a dfferent workflow from controllers
Thanks for your suggestion! Sounds good!
Best Video to learn about JWT TOken Authentication and Authorisation
1. Simple explanation
2. Clear command over topic
3. step by step by explanation
4. Working code link
Thanks for your feedback, much appreciated!
this is one of the best tech videos i've watched for a long time!
Thank you for your feedback! I'm happy it's been useful to you!
Thanks..... I've now created my first Web API thanks to you
Well done!
Hi Julian, nice one. Love this tutorial. But please you said at 15:06 that this isn't a proper authentication and we shouldn't do it in production, so what do you suggest or would say is a proper authentication. Would you mind doing a video on that? So we learn the proper way too. Or do you say so because you used Constants instead of an actual database? Thanks
He meant that your users list should not be hard-coded in the system as was done in this tutorial.
you saved my graduate project
thank u
Brilliant Explanation you made this topic so simple by your explanation
Thaks a lot the way of your teaching is so clear and straightforward.
that was awesome, Julian! You reminds me the dude from Silicon Valley TV Show xd. I rly appreciate for the video's content.
Haha beautiful, thanks! Glad the tutorial was useful!
Any reason why you didn’t choose .NET 6 since that’s already released and has so much of performance improvements?
Thanks so much Julian for making me understand this easily. Subscribed and will keep following updates here.
Fantastic explanation Julian. Subscribed. Nice one, mate
Thanks for feedback! Happy it's been helpful!
Thank you so much …this tutorial helped me in my interview …
That's wonderful news! Hope you got the job 🥳
Simple and Neat explanation, Great Job
This video was very helpful, thanks for this. Please continue to create more content.
Best tutorial on the subject, thank you bro
Thanks for your feedback!
Amazing work. Thanks for the great explanation. May all your work success and shine bright..
Thanks for the kind words!
any idea, why I am getting below error when I try to access API having [Authorization]?
System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions).
I did exactly like you, not missing even a single syntax but keep receiving the "missing of Kid" which is KeyId. Can you help?
Bro i have an doubt.. You have declared Role in the models and you call Roles in the api end point how it's gonna work i didn't get that
What's the difference between using this and identityuser from identity package?
Simply Awesome. Thanks for creating awesome tutorial. Keep great work up.
Hey, Can you please help with encrypting and decrypting the JWT? It doesn't seem to work in dotnet.
This is a great tutorial. Clear explanation and good examples. Thank you very much.
Thanks Sebastian! Happy it's been helpful!
Can you authorize controllers instead of doing one end point at the time for admins/other-users?
Does this also work when my project type is Web Api and not web application?
Thanks, it is a clear teaching.
You're welcome, thanks for feedback!
Where can i get JWT key value in appsetting.json ?
Thanks Julian, you're very clear and tbe video is very useful.
Everything in one go, Thanks for the video.
Thanks for the feedback, glad it was helpful!
Nice, you explained necessary code
great Tutotial is just that i need, please have a question how pass this auhorization in a method of mvc, i tell you i put the [Authorize] in one method but altougth im autheticated the response is unauthorized please and thanks for your time
Perfect explanation , straight to the point ! Thank you
Thank you! Glad it's been helpful!
Very clear and easy to understand ..Thanks
You're welcome, thanks for the feedback!
I created an asp.net core mvc web application for individual accounts. I abstracted out EF core, and have all the authorization/2FA, pw reset, email authorization, account lockout... etc, handling in place. I eventually would like to create a mobile application to go with it. I planned on having the user use the website for setting up/editing their account personal details, and password changes/reset. I figure right now is a good place to create the Web API and start configuring now common data access/changes the web app and mobile application will use. What is the best way to approach this, and leave the current authorization/authentication in place for the web application, but have it also authenticate to the web api? Thank you!
where to provide jwt token into code after generate? I seen you do this in postman.
Please for the love of all things good, where can I find the article on this within the microsoft authentication. I would like to read on it for indepth details
You are doing great work
Keep the good work goin brother
Worked perfectly! some detailed explanation about JWT settings might have helped more in understanding internals
Great to hear! More JWT videos to come!
Excellent tutorial !!!, my english is basic and i use the automatic provide for youtube translator in spanish and is a really nice, this is because u audio is so god. Thanks :)!
Also because the code is understood regardless of the language in which you speak
Thank you, Julian, very easy to understand.
You are so awesome. Thank you! This has been so helpful
Short and to the point, Thanks Julian. I have 1 doubt .what is the significance of creating new instance of UserModel in getCurrentUser method in UserController?
man, you are awesome. Thank you very much for this video. You are a hero that saved me a lot of time!
Glad I could help, thanks for the feedback!
@Code With Julian Thanks for the video. This tutorial gave me an idea about JWT tokens implementation
This was exactly what I needed. Great job. Look forward to more.
Thanks for the feedback! More to come shortly!
Great
I see you added api controller to razor page project.
How can I make use of the 2 controllers in the razor pages ?
Thank you so much for your excellent tutorial 🖐😄
I'm glad it's proven useful!
Does this also work with .Net 6 ??
Thanks a lot for making this, it really helped me out!
Why are you using symmetric key instead of asymmetric
What if i am used to asp net core project not api?
It`s nice tutorial ! Not too long, but very useful ! Thanks. Subscribed.
Thanks for the feeback, much appreciated!
Awesome Awesome just awesome... Amazing video
Thank you so much 😀
Great content.
I wonder how did you learn these , maybe im blind but I couldn't find any document for jwt in Microsoft website.
Thank you so much, it helped me a lot
Excellent Sir
doubts are cleared now
@@CodeWithJulian kindly also share about real world Example for ,Net core Api
Thank you for the great tutorial!
Valuable lesson. Thanks Julian.
That was so helpful ,Thank you so much .
Sir kindly describe how to put in cookie and using after the login?
hi, i have a question. can i use jwt as authentication, then i have 2 client which is web and mobile apps. so when user log in in web it will get access token for that web client, and when the same user log in into mbile apps it will get access token for that app client. therefore if 1 of the client is logged out by the user, the other client shouldnt log out. just want to know is this still correct practice. because i have confused with identityserver, AOuth 2.0
Perfect, I will use it for my apprentices. Thanks a lot!
Nice one! Glad it's been useful!
you are amazing can you do a vedio on sending requests from a client react app side to the api,i would like to see how it works with jwt,am interested in the logic.Otherwise your tutorial is the best on jwt
I have a couple questions, first though, great video!!
1. You stated that your user authentication....where you compare the login and password is not correct? What was wrong with that?
2. In the JsonSettings you had two URLs you pasted in, Issuer and Audience, if my api is hosted on say Azure, do I use the web api url for both?
3. My app will mainly be used off line. The backend is murely sure syncing...when the user has service....I have been leaning towards just basic authentication. This app doesn't really house any PII information. I am confused how the token would be used for offline?
Hi thanks for your feedback and questions:
1. That was a mock authentication process for the simplicity reasons. In reality, you'd integrate ASP.NET Identity or a related framework to take authenticate the user for you. Here's how you could do it 👉 th-cam.com/video/5UfJeDcoC1k/w-d-xo.html
2. I will probably make a separate video on deploying a such application Azure in the future.
3. I'm not familiar with the requirements of your application, but from what you've said, if you don't wish to store user data yourself but still require authentication, you'll need to integrate with a 3rd-party tool, i.e: Okta, Google.
Can we get a tutorial with vue for frontend, .net core web api, sql for backend with roles, identity, crud with repository pattern please
Hi, thanks for the suggestion. I'm affraid this channel is not yet covering Vue. But anything else sounds good!
Hey Julian, thanks for this informative video. I appreciate your efforts to make this useful content. I liked how you explained all about JWT & authentication in steps.
Thanks and keep sharing.
Edit: I subscribed the channel. 😊
when i post the api/login . service always return "not found " error . why?
I'm using .NET 6 .
Hi, there could be many reasons for this. Ensure the port number is correct. Also, ensure the method is set to POST. Hope this helps!
Can you make a full frontend angular application that sends request to backend for token Authorization. It would be helpful.
Excelent tutorial, very precise. Thanks !
Glad you enjoyed it!
Can you demo how to read ASPs on MVC .
Thanks for the video. it really helpful Bro
Glad it was helpful!
This is a great video! One thing i want to ask. When you have multiple controllers and you want to get the authenticate user from getCurrentUser method. Where is the best practice to put getCurrentUser method? Do i need to build a repository/service for that and inject it to every controller that will need authentication/authorization? thanks
Yes you could store it in a separate service that's accessible from all your controllers, then, as you say, inject it if/where you need it.
Thank you. This was super helpful!
Superb, Exactly what I was looking for, Do u have your courses in Udemy ?? Willing to learn from you
thank you so much for this tutorial!!
You're welcome, happy it't been helpful!
Your video is very very useful , Thank you!
Well done! Super clear and to the point! Would you reckon it's a good idea to fetch the data from the Database based on the Username that's passed in with the claims when hitting "AdminsEndpoint"? For instance, let's say someone logged in, was assigned the JWT, and then tried to access their profile settings by entering the endpoint "MyProfile". Would this be a valid way of making sure that it's only accessing it's own page?
Hi Payload thanks for the feedback, great channel by the way! This tutorial was to demonstrate how a JWT is generated and composed of, and how to create endpoints that are designated for specific security roles. In an enterprise application I would only pass in the user Id to the _MyProfile_ endpoint. The asp.net core role-based authorization will take care of granting/denying access to that endpoint (based on the JWT stored). Finally, if the user is granted access to that endpoint, they will only ever receive the profile data associated with their user id. Hope this helps!
@@CodeWithJulian Doesn't that mean that if I take away access, it takes up to 15 minutes for it to apply (or whatever the timeout is set to); since technically the jwt token is still valid and this isn't really being checked every request? Seems a bit risky to me?
@@ruadeil_zabelin The general consensus is that is best practice to set the expiration time to 15 minutes tops. Feel free to lower that limit depending on the case. Hope this helps!
Hi, Excellent video, do you have video for refresh token as well?
Thanks, yes there will be in the near future.
Great tutorial. Loved it!
Thanks, glad to know that!
Hi. I use .Net 6 version and there is no Startup.cs file. Can anyone help me What should i do?
Hi, please check out my .NET 6 tutorials. I show how to register services and add Authentication and Authorization to the pipeline.