your tutorial is amazing, the IT community needs more people like you! however, MICROSOFT SUCKS for implementing a million different classes and ways to implement authentication /authorization classes then those classes get deprecated and then the developer will be scrambling for answers to solutions that new core version/framework is trying to introduce! For MS, there is no one universal, non-complex, non-confusing way to create a simple web API with basic authentication, it's like each authentication scheme is created by one developer that is trying to out-do the other developer within their team that has implemented a recent class/code! I hope, I really, really hope, that MS should one day be overtaken by another company or that incoming new developers will instead switch to open source and other tech stacks for web api-related stuff! I will be the first to rejoice if MS will file for bankrupcy one day, or get bought by Apple!
Excellent video, I have shared with my whole team to watch. Thank you. One question, at 15:56 you add the JwtTokenAuthenticationManager to services with the key, but what if you wanted to pass in the DbContext and also maybe the ILogger so the JwtTokenAuthenticationManager can confirm the credentials against the Db. How do you configure the services for the JwtTokenAuthenticationManager in startup to inject those into the class?
Nice video , But I feel it would have been been great for beginners like me , if you had spent some time explaining the usage of each line while configuring authentication in startup and controller class files .
I am able to generate the token. I am also getting the data without authorisation. But when I give the Authorize for the get method I get unauthorised. Could you please help me solve this issue.
its a good practice to send token as part of header, but nothing stops you from sending token in query string, there are use cases like websocket where you might need to pass it in query string
Hi, thanks for the tutorial! You keep the content simple and easy wich is great, but for future improvement you could add a real front end, just a login page, 1 or 2 authorized pages and a logout. this way we could see the complete workflow of the jwt and how is stored in page transitions.
Thanks for the Awesome Video. But I have a question. If I need to create a Custom Unathorized return message from any POST or GET api, what should I do ?
@Deepjyoty Roy, thanks for watching! In your scenario, you can remove the Authorize attribute and inside of each method check for User.Identity.IsAuthenticated, and based on that throw Unauthorised with you custom messages per method.
Hi, at timeline of 11:26 in this video, you added 1 hour as expiration. I tried with 1 min. But, after 2 min also, I could able to use same token and get the data. Means: token is not expired. Could you please help me on this.
Very nice explanation !!! Just one query I have in simple asp.net api we used Owin and OAuth to generate and validate token but I dint see OAuth implementation in Core is there any reason ?
OAuth can be implemented by a middleware. I do not see any reason why it cannot be. I will give it a try. I did not have the need yet, hence I did not try it yet. I will post my video after I try it out. Thanks for the question.
Hi, At timeline of 10:23 in this video, I have two questions here. 1) Why you used SecurityTokenDescriptor (from Microsoft.IdentityModel.Tokens); why not JwtSecurityToken (from System.IdentityModel.Tokens.Jwt)? 2) What is the difference between Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor and System.IdentityModel.Tokens.Jwt.JwtSecurityToken classes? When to use which?.
@Ravindranath S, JwtSecurityTokenHandler expects SecurityTokenDescriptor from Microsoft.IdentityModel.Tokens, hence. You can use JwtSecurityToken to create token, in that case, you will need to call WriteToken, instead of CreateToken on the JwtSecurityTokenHandler instance.
@@DotNetCoreCentral sorry not what i meant to ask. How do I send the header with each call in my api. After i get my token out of my api login. How to I send that token with another call to get authorized?
Hi, why did you uncheck the "Configure for HTTPS" and check "Docker enabled" option while creating the project? It'll be really helpful info if you tell us.
Hi, I see that the AuthenticationHandler class comes under two namespaces. - Microsoft.AspNetCore.Authentication - Microsoft.Owin.Security.Infrastructure could you please explain what factors decide the namespace I need to use.
@sanjay varma, Microsoft.Owin.Security.Infrastructure is the legacy namespace. If you are using ASP.Net Core 3.1 you should be using Microsoft.AspNetCore.Authentication .
@Thegeektoendallgeeks, thanks for watching! The JWTAuthenticationManager class is responsible for validating credentials and generate tokens. In a real-world scenario, this class might be just a proxy to an external authentication service for credentials validation, or it might interact with a data store for credentials. I hope this answers your question.
@@DotNetCoreCentral that helps thank you, on a separate note. I have a asp.net core web app (MVC) with authentication individual user accounts project I want to add JWT authentication similar to this, but I can't seem to figure out where to start regarding getting the user credentials to apply all of this to.
@@Thegeektoendallgeeks it should be the same as this demo since ASP.NET MVC also shares the same middleware pipeline as Web API. If you are facing any specific issue, and if you can share the code in GitHub, I can definitely take a look.
Hi Thaks for the video, I have a couple of questions . can you please clarify this? 1. I got a token from the server. I just passed it to someone to use this token. he could able to access the API with the token until it expires. How can we restrict this? 2. I got a token from the server with an expiry time of 15 min. before 15 min I hit token controller and got another token with an expiry time of 15 min. Now I have two tokens with valid time. will the two tokens work? or only the latest one? if so how can we validate?
@Chandu Subhakara Reddy Satti 1. If you pass the token to someone else purposefully, there is nothing that can be done here right. Until the token expires that person will have access to your API unless you keep all tokens in storage and check against that, in which case you can flag the token. 2. It depends if you are keeping the tokens in storage, in that case, you can have an implementation of invalidating older tokens when you send out new tokens. Otherwise, both will be valid.
@Ramesh Kumar, in the controller you will need to do this: if (!User.Identity.IsAuthenticated) return Unauthorized(); Rest will be taken care of by the middleware.
Please help me ,i am getting error from postman when i tried to access get after applying [authorize] error : similar to 403 forbidden, but specifically for use when authentication is possible but has falied or not yet provided.The response must inculde a www -authenticate header field conataining a challenge applicable to the requested resource
@Ajith Jacob, I am not sure I completely understand the question, I will definitely look into it tomorrow, and if I have any doubt about your issue I will get back to you. Thanks!
@@DotNetCoreCentral thanks for your reply. Let me explain the error.i have implemented the jwt token functionality and set attribute as allowanomus . So from postman i am able to generate the token . Then I decorated the get action method with authorize attribute and tried to access it from postman using the jwt token generated, that time I am getting the above error from postman
@@ajithjacob2054 I tried to reproduce your issue, but since I am not able to see your code its hard to reproduce. This is the location of the demo code, where I am not able to reproduce the issue. Maybe if you compare your code with mine, you will be able to get some clue what is going on. github.com/choudhurynirjhar/auth-demo
username and password passed as json to get Token via authenticate may capture in fiddler and other tools. How the security of data is ensured if web api need serve in internet ?
@@DotNetCoreCentral Thanks for quick reply. I have deployed the sample code in my UAT server that get exposed on the internet via the public IP over https. I am still able to capture the Authorization : Bearer xxxxx data via fiddler. Let me clear my expectation. All the web api call after getting JWT token should not get exposed in any form. Even if we have 1 or 2 min expiration, until that time attacker can use the the captured token to reuse unauthorized.
@@ponvels from local PC where the browser is running, the traffic can always be captured, the SSL is for stopping hackers from accessing data in the way. If your scenario when the user is logging in someone else is running Fiddler in the same machine at the time, I am not sure how practical this use case is. And if your concern is that the user leaves the website open on a public computer and someone comes in and tries to open the already open session in the web application, in that case, they already have the UI open, so the token is immaterial at this point. They can anyway access anything through UI. I am personally not aware of any mechanism to achieve what you want. If your use case is later, meaning the user leaves the UI in a public computer, the best solution is to add a log out strategy in the web application based on timeout.
@@DotNetCoreCentral Hi - I am facing one more problem. after deploying this code in IIS. i am able to hit and get the result from the name controller via browser. Could you I tried adding another controller having same issue. please comment whether I am missing any thing.
@Jamie Bowman, refresh token comes to play when as an app you want to extend the token lifetime of the user without asking the user to enter id/pwd again for a new token after the initial token expired. The classic example will be a mobile application.
Hi thank you for posting this video. I find it very helpful. I have one question regarding the authentication step though. After receiving the token with a valid username + password combination and entering it as Authorization : Bearer[whitespace]token, the Get step still throws a 401 error. Any idea of what may cause this? Thanks!
Great video, i request you to explain the token validation parameter , and token descriptor class properties significance and what situation what value we should set may help great if you do some short video on that portion
Thanks for the video. I followed exactly like you said. The token expiry I set as : Expires = DateTime.UtcNow.AddMinutes(Convert.ToDouble("20")); So, as you see I have set 20 minutes. I submit Authenticate request -> I get access_token, thats great! Now, I submit other API request with this access_token as bearer, I get the response as expected. Now, after 20 minutes, I try hitting the same endpoint, I still get response, even though 20 minutes have passed already. What am I missing? Please help.
That's how a tutorial should look like! Straight to point with a working example. Love it! 😎🤩
Thanks!
Add my voice to the chorus. Insanely helpful and well-done video, thank you.
Thanks!
This worked like a charm. Exactly what I was looking for..., Confused with various online material, but this was most clear of all of them...
@Ra m, thanks for watching the video, and glad this video helped you!
Dude!! Thx for the video! It really helped me out. Right know I'm just reading your blog to understand better the whole code.
@Carlos Daza, thanks!
Awsome way of teaching. And working with real scenario.
@Avtar Sashia, thanks for watching!
Easy and great setup of how to add authorization to a web application. Well done!
@Francois Smit, thanks for watching!
This is the most simple way of doing JWT , thanks so much
@junaid m, thanks for watching!
Why wasn't I able to find this channel earlier 😭 🤣🤣
I've shared your content with all my colleagues 🙏
@The Red Baron, thanks for watching. I hope everyone you have shared with will find it useful.
Awsm Explanation, Easy to understand
Thank you Nirjhar. Great explanation.I have implemented with your example
@Rahul Sharma, thanks for watching!
your tutorial is amazing, the IT community needs more people like you!
however, MICROSOFT SUCKS for implementing a million different classes and ways to implement authentication /authorization classes then those classes get deprecated and then the developer will be scrambling for answers to solutions that new core version/framework is trying to introduce!
For MS, there is no one universal, non-complex, non-confusing way to create a simple web API with basic authentication, it's like each authentication scheme is created by one developer that is trying to out-do the other developer within their team that has implemented a recent class/code! I hope, I really, really hope, that MS should one day be overtaken by another company or that incoming new developers will instead switch to open source and other tech stacks for web api-related stuff!
I will be the first to rejoice if MS will file for bankrupcy one day, or get bought by Apple!
Excellent content.. very straight forward
Thanks!
God bless you my friend for this video
@DAVID EMMANUEL, thanks for watching!
really nice explanation to the point and explained every point thanks alot
Very quality content. It very helped me to understand this important theme !:)
@Eva Apperson, thanks for watching!
Thanks a lot for such content. I respect and really admire your huge efforts, for such incredible content. God bless mate.
Thanks a ton
Thank you so much for taking the time to make this video and share your knowledge! Excellent. Subscribed :)
@Monica S, thanks for watching!
Love the video. I urge you to create video on OAuth with JWT implementation. Complete details on OAuth.
Thanks, will do!
Excellent video, I have shared with my whole team to watch. Thank you. One question, at 15:56 you add the JwtTokenAuthenticationManager to services with the key, but what if you wanted to pass in the DbContext and also maybe the ILogger so the JwtTokenAuthenticationManager can confirm the credentials against the Db. How do you configure the services for the JwtTokenAuthenticationManager in startup to inject those into the class?
Excellent video brother.. I have been looking for this.. Thank you so much 🙏🙌👏👏
@Praveen Kumar, thanks for watching!
Very good explanation.
thank you .
A heartly thanks to you for teaching the tokenization in simple way.
@Yashas Gowda, thanks for watching!
Simple and clear example, thank you 👍
Thanks for watching!
Thanks You. Great... very neat and clean explanation given by you.
@Pritam Deokule, thanks for watching!
Nice video , But I feel it would have been been great for beginners like me , if you had spent some time explaining the usage of each line while configuring authentication in startup and controller class files .
@Kiran BS, thanks for watching, and thanks for your valuable feedback, I will surely keep this in mind.
Guys I am confused here that the implementation of JWT here is working on O Auth 2.0 mechanism or not?
i am big fan of your videos .
@Ashutosh Mishra, thanks for watching!
Excellent... keep up the good work
@Abc Xyz, thanks for watching!
How we can achieve same thing in MVC and pass token after authentication?
Nice explanation 👌
@Funny Toddler, thanks!
May I know the use of having the AuthenticationManager interface instead of just having a solid Class? thanks
I am able to generate the token. I am also getting the data without authorisation. But when I give the Authorize for the get method I get unauthorised. Could you please help me solve this issue.
Amazing video thank you! So clear and concise!
@Brett Gregory, thanks for watching!
good help full, if you want to add more things then add authorization with multiple roles, multi-tenant application authentication.
Thanks for the suggestion!
Great tutorial, easy to follow and understand. Thanks a lot!
@gh057k33p3r, thanks for watching the video!
Very well explained. Thanks for your effort.
@Sohail Sarwar, thanks for watching!
Thank you for all of your tutorial
@Monsieur Bobel, thanks for watching!
So satisfying keyboard typing.))))
@Roman Doskoch, thanks!
In this JWT is authorized when sent as header in the request. May I know how can the access token be validate as part of query string ?
its a good practice to send token as part of header, but nothing stops you from sending token in query string, there are use cases like websocket where you might need to pass it in query string
Very useful information. Thank you sir...
@Vinayak Katti, thanks for watching!
Hi, thanks for the tutorial! You keep the content simple and easy wich is great, but for future improvement you could add a real front end, just a login page, 1 or 2 authorized pages and a logout. this way we could see the complete workflow of the jwt and how is stored in page transitions.
Pedro Moura thanks for the suggestions. I’ll definitely work on that. Thanks again for watching the video.
@@DotNetCoreCentral Did you ever make this video?
@@DotNetCoreCentral Did you ever make this video?
@@lengoctuan5217 no, I never got to it.
@@DotNetCoreCentral Thanks brother for the reply. Your video is very helpful.
Great video, nicely explained
@Shivendra P. Singh, thanks for watching!
Thanks for the Awesome Video. But I have a question. If I need to create a Custom Unathorized return message from any POST or GET api, what should I do ?
@Deepjyoty Roy, thanks for watching!
In your scenario, you can remove the Authorize attribute and inside of each method check for User.Identity.IsAuthenticated, and based on that throw Unauthorised with you custom messages per method.
Great content 👏👏 , Thank you
Excellent work explaining this!
@Knightmare RIP, thanks for watching!
really helpful to understand the jwt authentication. please make a video on refresh token also
@Sudip Jash, thanks for watching. I already have a video on refresh token on my channel.
Excellent Show, thanks much.
@Stephen Viswaraj, thanks for watching!
Thanks . Perfect video
You're welcome!
Hi, at timeline of 11:26 in this video, you added 1 hour as expiration. I tried with 1 min.
But, after 2 min also, I could able to use same token and get the data. Means: token is not expired.
Could you please help me on this.
@Ravindranath S, I will try it out and let you know.
@@DotNetCoreCentral we have to use UseExpirationValidation in AddJwtBearer configuation
@@umairghouri1718 thanks for the suggestion!
Hi. Good video. But what is the purpose of audience nd issuerence?
Thank you for the knowledge you shared. What are the headers that I should be using with Postman?
In header you have to put “bearer token”
My Authorization header is missing IDK why but I don't have problems with other headers, is there a way to change the header name?
@tertulianeo, how are you passing the header? can you share the code?
@@DotNetCoreCentral ty, it was a problem with my cloud front
@@tertulianeo great to hear your issue is resolved!
Very nice explanation !!! Just one query I have in simple asp.net api we used Owin and OAuth to generate and validate token but I dint see OAuth implementation in Core is there any reason ?
OAuth can be implemented by a middleware. I do not see any reason why it cannot be. I will give it a try. I did not have the need yet, hence I did not try it yet. I will post my video after I try it out. Thanks for the question.
@@DotNetCoreCentral Thank you so much.
Hi, At timeline of 10:23 in this video, I have two questions here.
1) Why you used SecurityTokenDescriptor (from Microsoft.IdentityModel.Tokens); why not JwtSecurityToken (from System.IdentityModel.Tokens.Jwt)?
2) What is the difference between Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor and System.IdentityModel.Tokens.Jwt.JwtSecurityToken classes? When to use which?.
@Ravindranath S, JwtSecurityTokenHandler expects SecurityTokenDescriptor from Microsoft.IdentityModel.Tokens, hence. You can use JwtSecurityToken to create token, in that case, you will need to call WriteToken, instead of CreateToken on the JwtSecurityTokenHandler instance.
Thank you man, that is what i sought for
@Marco Taliente, thanks for watching, and glad this video helped you!
how to send the authentication header with each call. like what you did in postman?
you set it in the header section of the Postman with Authorization header
@@DotNetCoreCentral sorry not what i meant to ask. How do I send the header with each call in my api. After i get my token out of my api login. How to I send that token with another call to get authorized?
@@rivaldovola9896 Postman has concept of environment variable which you can use to save the token and pass it along to rest of the calls
Hi, why did you uncheck the "Configure for HTTPS" and check "Docker enabled" option while creating the project? It'll be really helpful info if you tell us.
@Shubham Shaw, there is no particular reason. You can keep both enabled.
If you configure https you will need SSL certificate. While running in localhost you can do with http.
Hi , Have you used ever redis cache in identity server 4 to improve the preformation
@vivek Gowda, no, I have never used it. But it's a good idea I would guess. I might give it a try.
@@DotNetCoreCentral thank you 😀
Thanks....good explanation
@Shsik zuhair, thanks!
Thank you for this very helpful video and sharing your knowledge! Subscribed!
@Rehan Alibux, thanks for watching the video and subscribing to my channel!
Hi, I see that the AuthenticationHandler class comes under two namespaces.
- Microsoft.AspNetCore.Authentication
- Microsoft.Owin.Security.Infrastructure
could you please explain what factors decide the namespace I need to use.
@sanjay varma, Microsoft.Owin.Security.Infrastructure
is the legacy namespace. If you are using ASP.Net Core 3.1 you should be using Microsoft.AspNetCore.Authentication
.
Thank you for this helpful video. Keep doing the good work.
@Hinda Chokri, thanks for watching and taking the time to provide a comment!
why is making the IJwtAuthenticationManager necessary?
@Thegeektoendallgeeks, thanks for watching! The JWTAuthenticationManager class is responsible for validating credentials and generate tokens. In a real-world scenario, this class might be just a proxy to an external authentication service for credentials validation, or it might interact with a data store for credentials. I hope this answers your question.
@@DotNetCoreCentral that helps thank you, on a separate note. I have a asp.net core web app (MVC) with authentication individual user accounts project I want to add JWT authentication similar to this, but I can't seem to figure out where to start regarding getting the user credentials to apply all of this to.
@@Thegeektoendallgeeks it should be the same as this demo since ASP.NET MVC also shares the same middleware pipeline as Web API. If you are facing any specific issue, and if you can share the code in GitHub, I can definitely take a look.
Very nicely done. Thank you.
This is really good. Thanks..
@Bhanushka Ekanayake, thanks for watching!
im getting 404 not found in get when im trying to get values1 and values 2
@shashi vishw, if you can share your code in GitHub I can take a look, thanks.
Hi Thaks for the video, I have a couple of questions . can you please clarify this?
1. I got a token from the server. I just passed it to someone to use this token. he could able to access the API with the token until it expires. How can we restrict this?
2. I got a token from the server with an expiry time of 15 min. before 15 min I hit token controller and got another token with an expiry time of 15 min. Now I have two tokens with valid time. will the two tokens work? or only the latest one?
if so how can we validate?
@Chandu Subhakara Reddy Satti
1. If you pass the token to someone else purposefully, there is nothing that can be done here right. Until the token expires that person will have access to your API unless you keep all tokens in storage and check against that, in which case you can flag the token.
2. It depends if you are keeping the tokens in storage, in that case, you can have an implementation of invalidating older tokens when you send out new tokens. Otherwise, both will be valid.
can this jwt auth method used to verify access on controller page not controller api?
@ToTo, yes it can be used anywhere since it is implemented in middleware.
@@DotNetCoreCentral is it possible to give an example on how to access authorize controller page? im not sure on how to put the token to access it
@@DotNetCoreCentral i already try to access api controller with token using postman and its work fine
how to validate bearer token - if you put post man bearer token its allow to hit the method i want to how to validate bearer token and the method
@Ramesh Kumar, in the controller you will need to do this:
if (!User.Identity.IsAuthenticated)
return Unauthorized();
Rest will be taken care of by the middleware.
Thanks for your video, a Very Good explanation. I have a suggestion. if you can list out all the dependencies that will be great.
@jvv (vvj), thanks for watching and the suggestion!
Great video brother. If you could explain why we are using each commend and its benefits would have been really helpful.
@Kishor Kadavil, thanks for watching and great feedback, I will work on this.
Thank you for making it easy understanding.
@Ajith Chanaka, thanks for watching!
which the best place to store that private key?
Normally I use the AWS Secret server, most of the cloud providers will have something similar.
Great video. Keep doing the good work
Gautam Saraswat thanks for watching!
Please help me ,i am getting error from postman when i tried to access get after applying [authorize] error : similar to 403 forbidden, but specifically for use when authentication is possible but has falied or not yet provided.The response must inculde a www -authenticate header field conataining a challenge applicable to the requested resource
@Ajith Jacob, I am not sure I completely understand the question, I will definitely look into it tomorrow, and if I have any doubt about your issue I will get back to you. Thanks!
@@DotNetCoreCentral thanks for your reply. Let me explain the error.i have implemented the jwt token functionality and set attribute as allowanomus . So from postman i am able to generate the token .
Then I decorated the get action method with authorize attribute and tried to access it from postman using the jwt token generated, that time I am getting the above error from postman
@@ajithjacob2054 I tried to reproduce your issue, but since I am not able to see your code its hard to reproduce. This is the location of the demo code, where I am not able to reproduce the issue. Maybe if you compare your code with mine, you will be able to get some clue what is going on. github.com/choudhurynirjhar/auth-demo
Awesome keep up the good work
@Rahul Mathew, thanks for watching!
why do we need to "var tokenKey = Encoding.ASCII.GetBytes(key); "
@Furkan D, thanks for watching! We need to pass byte array for the key, hence we need to get bytes from the string.
username and password passed as json to get Token via authenticate may capture in fiddler and other tools. How the security of data is ensured if web api need serve in internet ?
@Ponvel Shanmuganathan, the API should be running on HTTPS to avoid this.
@@DotNetCoreCentral Thanks for quick reply. I have deployed the sample code in my UAT server that get exposed on the internet via the public IP over https. I am still able to capture the Authorization : Bearer xxxxx data via fiddler. Let me clear my expectation. All the web api call after getting JWT token should not get exposed in any form. Even if we have 1 or 2 min expiration, until that time attacker can use the the captured token to reuse unauthorized.
@@ponvels from local PC where the browser is running, the traffic can always be captured, the SSL is for stopping hackers from accessing data in the way. If your scenario when the user is logging in someone else is running Fiddler in the same machine at the time, I am not sure how practical this use case is.
And if your concern is that the user leaves the website open on a public computer and someone comes in and tries to open the already open session in the web application, in that case, they already have the UI open, so the token is immaterial at this point. They can anyway access anything through UI.
I am personally not aware of any mechanism to achieve what you want.
If your use case is later, meaning the user leaves the UI in a public computer, the best solution is to add a log out strategy in the web application based on timeout.
@@DotNetCoreCentral Hi - I am facing one more problem. after deploying this code in IIS. i am able to hit and get the result from the name controller via browser. Could you I tried adding another controller having same issue. please comment whether I am missing any thing.
@@ponvels I am not sure I understood your problem. What happens when you add a new controller? What is the problem you are facing?
Can you please provide the second part of this tutorial. It is very nice video. Awesome.
@Nafees Khan, thanks for watching! What are you expecting in the second part?
Thank you so much for this video! it's really helpful..
@sachin deshmukh, thanks for watching!
How about updating the token expiration when user tends to log out?. can you help me with that code?
@Norell Mantilla, I have a video on refresh token, you can refer to that and let me know if that works for you.
This is great and I was able to replicate this. However, I'm wondering.. where do refresh tokens come into play?
@Jamie Bowman, refresh token comes to play when as an app you want to extend the token lifetime of the user without asking the user to enter id/pwd again for a new token after the initial token expired. The classic example will be a mobile application.
Nice and simple video
@Yogesh Tripathi, thanks for watching!
"The name 'Encoding' does not exist in the current context" how to deal with it?
@Furkan D, are you using the code as is? or you made some modifications? If you did, can you share your code in GitHub so I can take a look?
@@DotNetCoreCentral i solved it thx anyway
@@furkand275 glad it worked out!
Hi thank you for posting this video. I find it very helpful. I have one question regarding the authentication step though. After receiving the token with a valid username + password combination and entering it as Authorization : Bearer[whitespace]token, the Get step still throws a 401 error. Any idea of what may cause this? Thanks!
you can raise the logging level in the config and you can see the exact issue resulting in 401
Thank you this is an awesome video
@Aj Botha, thanks for watching!
How can i consume it in my mvc application??
@Rakshit Kumar, if you are using ASP.NET Core AMV it should be exactly the same as Web API
where is the code link??
github.com/choudhurynirjhar/auth-demo
v good video really helped me
Thanks!
Great video, i request you to explain the token validation parameter , and token descriptor class properties significance and what situation what value we should set may help great if you do some short video on that portion
@Web Samurai, thanks for watching, I will try to do a video for that.
Hi bro can you make a video on how to renew the expired token when user is in actively using webapi and web application
@namburi naveen, thanks for watching. I can do that.
very well explained
Thanks!
Thanks for the video. I followed exactly like you said. The token expiry I set as :
Expires = DateTime.UtcNow.AddMinutes(Convert.ToDouble("20"));
So, as you see I have set 20 minutes.
I submit Authenticate request -> I get access_token, thats great!
Now, I submit other API request with this access_token as bearer, I get the response as expected.
Now, after 20 minutes, I try hitting the same endpoint, I still get response, even though 20 minutes have passed already. What am I missing? Please help.
@Sid N, thanks for watching. I will take a look and let you know.
Thank you! Very helpful tutorial.
@Jeff Breuninger thanks for watching!
How to make jwt taken invalid on logout time??
@mahipal a, you can create a block list, and the tokens that are part of the block list will not be allowed.
Good job 👍 .. what about refresh token?
@
Ali Haydar, thanks for watching! th-cam.com/video/7JP7V59X1sk/w-d-xo.html
Can you do a playlist of these series please ?
Gabriel Luca I will surely do. Thanks for watching.
@@DotNetCoreCentral great. Will you also add api versioning ?
Gabriel Luca I’m sorry for late response. For some reason I did not get any notification. I’ll definitely do a video on API versioning.
Nice one ... can we apply same for MVC 5
@nilesh monde, yes, you can. Thanks!
Very good video
@Raj Raj, thanks for watching!
this is awesome.. thanks a lot!
@ayush singh, thanks for watching!