Code - github.com/CuriousDrive/BookStores
Thanks for watching, please share with your friends :)
Hi. Thank you for sharing. Can you share all the slide documents in the playlist?
I am not getting token in the user's JSON
token field is not getting generated
PLEASE HELP!
This playlist is amazing, thank you for sharing
Thanks Ethson!!!
As always, smoothness of clarity and gratifying and interesting.
Thank you very much for all your efforts, and for me you are the best instructor.
Hey Tarik, I finally made the video that you asked me to make a long time ago. I just wanted to make a perfect demo.
Sorry it took long, thanks for your patience. Please check this demo - th-cam.com/video/X6cBnOhaYhk/w-d-xo.html
Having said that, in my next video I am going to show how you can use IHttpClientFactory to make it more organized.
@@CuriousDrive Thank you very much for your interest
Wish you the best.
Nice work. I've been using JWTs for a while but never spent the time to see what was 'actually' happening. Glad I did and glad I found your video! 👍
Thanks Matt. I have watched this video multiple times to remind myself how it all works. Especially before the technical interviews.
Thank you, very clear and helpful (the whole series was consistent). Thank you!!!!
You are most welcome. Thanks for watching 😊
You explained smoothly, thank you very much for this great tutorial
I appreciate you watching it. Please share with your friends.
Another question please: the Login function should be in the POST HTTP verb, no? We are sending the information from the user to the API? Why did you define it in the GET HTTP verb? Can you explain?
You are correct. It should be "post" method because you are sending something to the API. I don't remember why I used "get". Maybe I was facing some issues with "post". Either way you are correct. Please use "post".
@@CuriousDrive thank you very much for your time .
Great Video !!!! But I am a bit confused. I thought that we had to use the Identity Membership system for logging in and authenticating. In this example where is the Authentication Server? I thought that the authentication server was a tangible server and not an abstraction? Thanks !!!
For the demo I just used my machine as authentication server and transaction server. I did not want to buy a VM for the demo. I thought it was just understood.
How do you do login request when [authorized] is included in the user controller?
This way new users can't get a refresh token cuz they need a token to even create an account?
Best video on authorization I have found till this date, thanks. Voice volume was a little low; I hope you will improve this in your upcoming videos
Thanks for the feedback Zahid. I have fixed the low audio issue. I finally bought a good microphone and most of my audio issues are gone. Thanks for watching the video. Please share with your frandzzz
I am not getting token in the user's JSON
token field is not getting generated
Hi there, I think I understand now?? You are using the "refreshToken" class on which you define the token attribute and you are using it afterwards in the UserWithToken objects to refresh the token value? Am I right? I'm a beginner in coding and I would like to understand well. Thanks for all.
Hello Fifi, It seems like you are figuring things out one by one :) Yes that's correct. I should have mentioned that in the video. I am a beginner in making videos :)
Good job on figuring it out.
@@CuriousDrive thank you for encouragement! it's my pleasure man
I'm trying to do the project with Angular and I'm getting some difficulties, so if you know about some good tutorial for Angular it will be great.
Many thanks in advance.
should we use ASP.NET identity for handle login instead
Yes that's an option too.
Mr. Fahad, I cannot show Token with User entity. I added Token property in my UserWithToken class. And how did you add body 'email' and 'password' in Postman in a GET request? I failed to add a body in a GET request. Please clear these issues for me.
Sure. Are you using Postman?
@@CuriousDrive yes. I am using postman
Is there a reason why you are using GET request? I used POST for my example. And that should be fine.
@@CuriousDrive I was following your task. Your Postman call was a GET request, I guess
One more error in refresh token video. I am getting null reference exception with email during api call from blazor app
Thank you for sharing. It is very helpful for a new programmer like me
Of course nu, I am glad that was helpful.
Great tutorial. Thank you for posting.
Thanks for watching Jeff. Please share with your friends :)
Perfect ,thanks a lot 💐
Thanks for watching Daniel. :)
Tutorial is very good. Are there any new series on .Net 6/7/8/ Web api??
Can this JWT token generated from sign-in in this video be used for a third-party client for integration?
Yes, totally, as long as they have a feature to store access and refresh tokens and they know how the refresh API call works. I am talking about refresh token in the next video I believe. Please check out this.
th-cam.com/video/AWnO_b8XIeA/w-d-xo.html
Awesome! Thanks!! This is very instructive for me (beginner). I was able to run in .NET 6 environment with slight modification. (Because some configuration has been changed in .NET 6. Configuration should be set by Program.cs, not Startup.cs)
Yes that's correct. I should make a JWT video for .NET 6. Thanks for commenting
@@CuriousDrive pls do it
Thanks for the video. I need to understand a few things;
You set 6 months as the expiry. Is it normal? If a hijacker obtains the token, what will be 6 months?
If we want to set the expiry as 7 minutes, how can we refresh the token per request?
Very good question, 6 months is not a normal expiry time. I set it so that I could show the difference on jwt.io
I am going to talk about refreshing tokens in my next episode. I am reading about it as we speak. I like to do all the research that I can before making a video.
@@CuriousDrive thanks for your effort and help. I'm looking forward to the video.
@@AhmetYigiter Please share the demos with your friends and co-workers. I am planning on doing this full time. Thanks for the support :)
Why injecting JWTSettings class is better than reading configuration?
It's not good practice to use magic strings in multiple places of your app.
Also you can have multiple settings and can change from one central location.
I have subscribed to your channel; the video is really awesome.
I do have one issue on the same. I am following your instruction.
But I do always get "(Bearer error="invalid_token", error_description="The signature is invalid")", any idea???
Same as created UserController as Login HttpGet Attribute on existing class I just mention attribute as
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class WeatherForecastController
Looks like your secret key that you are using to sign your token is not the same. I suggest you check that area of the code.
The [Authorize] attribute is always blocked by CORS. How do you handle it?
Hello Maf, sorry for the late reply. You will have to enable CORS for your ASP.NET Core project. Please check the article below.
docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-5.0
Wow.. that's a clear and helpful tutorial. In the previous video, you explained Basic Authentication. Sometimes I need to use authentication and JWT authorization at different controllers; for example, I want to use basic authentication just in the users controller and for the Publishers controller I just need JWT. How can I do that? Thanks before,
Thanks for the lovely comment Saputra. I had the same questions when I was making these tutorials. I wish I had covered that part in the videos. You can pass authentication schemes in your authorize tag. You can have "BasicAutheticationScheme" for UserController and "JwtBearerDefaults" scheme for PublisherController. Please check out the article below from the .NET team. I hope that helps.
docs.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-5.0
@@CuriousDrive Thanks for ur insight
Great Series!!! Please keep them coming. Please could you make series about how to use Identityserver4 for authentication and authorization with web APIs security and microservices +ocelot API gateway + Identityserver4
Yes. My main focus is on authentication and authorization in .NET technologies. Currently I am putting together a demo for Twitter login for a Blazor app that I have been working on.
Dear Fahad,
First of all thank you very much for this excellent series.
With this technique for authentication, will we be able to use all the ASP.NET Identity facilities like Claims, Roles and so on, or do we have to use the basic authentication which comes out of the box with Blazor?
Best Regards.
That's a good question. Yes that will be an easier way to go about it.
But I personally don't like the way it generates users, claims, roles etc tables in the database. I would rather design my own tables so that I can have better control over it in long run.
If you don't care about it then go for it.
@@CuriousDrive Thank you Fahad for your instant answer
I would love to follow your way to make things simple and smooth, so i will wait for you to get to that point.
Best Regards
Hey Tarik, I have already done that in my custom authenticationstateprovider video
Here's the link th-cam.com/video/BmAnSNfFGsc/w-d-xo.html
Of course let me know if you face any issues
@@CuriousDrive I have watched all your videos, but I did not notice that. I will watch again carefully.
Thank you very much for your patience, and sorry for my many questions.
No worries Tarik, You are one of my favorite followers
IDX10223: Lifetime validation failed. I am getting error like this.
Looks like your token is expired. I usually handle this exception and refresh my token.
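The two failures reported in this thread, "The signature is invalid" and IDX10223, reproduced in a console program. This is an added example, not code from the video or the BookStores repository; it assumes the System.IdentityModel.Tokens.Jwt NuGet package, and the secrets, issuer, audience and user name are constructed sample values.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class JwtFailureDemo
{
    // Constructed sample values (HS256 secrets should be at least 32 bytes).
    const string ApiSecret = "constructed-demo-secret-AAAAAAAAAAAAAAAA";
    const string OtherSecret = "constructed-demo-secret-BBBBBBBBBBBBBBBB";
    const string Issuer = "https://auth.example.test";
    const string Audience = "bookstores-demo-api";

    static SymmetricSecurityKey Key(string secret) =>
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));

    // Issue an HS256 token with an explicit validity window.
    public static string Issue(string secret, DateTime notBefore, DateTime expires)
    {
        var handler = new JwtSecurityTokenHandler();
        var descriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "demo@example.test") }),
            Issuer = Issuer,
            Audience = Audience,
            IssuedAt = notBefore,
            NotBefore = notBefore,
            Expires = expires,
            SigningCredentials = new SigningCredentials(Key(secret), SecurityAlgorithms.HmacSha256)
        };
        return handler.WriteToken(handler.CreateToken(descriptor));
    }

    // Validate the token and name the failure.
    public static string Check(string token, string secret)
    {
        var parameters = new TokenValidationParameters
        {
            IssuerSigningKey = Key(secret),   // must match the key used to sign
            ValidIssuer = Issuer,             // ValidateIssuer defaults to true
            ValidAudience = Audience,         // ValidateAudience defaults to true
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero         // default tolerance is 5 minutes
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
            return "valid";
        }
        catch (SecurityTokenInvalidSignatureException) { return "signature invalid"; }
        catch (SecurityTokenExpiredException) { return "expired"; }
    }

    public static void Main()
    {
        var now = DateTime.UtcNow;
        var fresh = Issue(ApiSecret, now, now.AddMinutes(7));
        var stale = Issue(ApiSecret, now.AddMinutes(-10), now.AddMinutes(-3));
        Console.WriteLine("fresh token, same key:  " + Check(fresh, ApiSecret));
        Console.WriteLine("fresh token, other key: " + Check(fresh, OtherSecret));
        Console.WriteLine("stale token, same key:  " + Check(stale, ApiSecret));
    }
}
```

With ClockSkew left at its default of five minutes, the stale token here (expired three minutes ago) would still validate, which matters when access tokens are short-lived.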
Very Very informative video.
I have to develop web api for mobile clients. Is basic auth good for this purpose with JWT ??
Client seems to be suggesting to use Identity Server 4 : ->
Hello WikkiOnIlluminati, I am not sure if you can combine basic and JWT together. If you have the access token then why use basic authentication? Also Identity Server 4 is not a bad option either. I have seen a lot of people use it for big projects.
Fahad thanks again for this. Can I see the details of UserWithToken class? Thanks.
here you go -
github.com/CuriousDrive/BookStores/blob/master/BookStoresWebAPI/BookStoresWebAPI/BookStoresWebAPI/Models/UserWithToken.cs
great video. thanks a lot
Thanks Menaka :)
Thank you for sharing, very helpful.
Hey Kurada, I am glad that it was helpful for you. Thanks for watching.
In JWT.io, even if we don't write a secret key, i.e. empty, or write something else, it shows valid
Yes I see that too. Not sure why it is like that. Thanks for pointing out.
Can you please make a video on parsing a JSON file in .NET Core
Thanks for the suggestion. I will try to fit that in the incoming videos.
Great tutorials so far. When I try to authenticate using postman I get the following: System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions).
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context
Was there something that changed between the last lesson and this one? (Your github only has the final code) Thanks for the great tutorial!
Thomas, it looks like you are missing AuthenticationScheme. This is how it should look.
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
Please do claim based authorization with blazor webassembly and asp.net core web api using jwt not hosted. Claim based Authorization for add, delete and print
Hello Vinoth, sorry for the late reply - please check out this video - th-cam.com/video/bu6F4oeYdzA/w-d-xo.html
Great !!!!
Thanks for watching Sorn!!!
I don't think you can get a user like that since the password is hashed
Can anyone clarify the objective of UserWithToken userToken = new UserWithToken(user);
Hey Tesfay, I can explain that :).
I created a new class UserWithToken to add Token as new string property so that I can send that back to the client.
You cannot add properties in User.cs because it was created as a model for our database using the scaffold DbContext command.
@@CuriousDrive how do I fix the error
System.InvalidOperationException : No suitable constructor found for entity type "UserWithToken" the constructor had parameters that could not be bound to UserWithToken (User user)
Cool.. ValidateIssuer=false,ValidateAudience=false
I don't have Startup.cs, why? I created the project from scratch like in the tutorial video. Can someone help me?