Really heplful. Love your .NET Core series. As a frontend developer was strugling to implement proper auth with Identity on my project, this series really helped a lot to wrap my head around it.
@@RawCoding I am guessing it is the Q1? It sounds awesome! It gives such a nice vibe to your videos. Still, it is your excellent explanations and tutorials that brought me here, thank you so much for all the efforts you put into making these videos.
it's great, but i has next problem whats don't know how fix. On deploy angular has other adress with .net deplot proj, i can send request on backend but his not return cookie auth, but i know 100% whats backend put me that in frontend? baecause if i use httpclient on localhost without write baseurl he s return me a cookie every try
Thanks for that video - it was really helpful. I am just wondering - if I am using a JWT auth - is there a possibility to connect it through SignInManager ?
yes, at SignIn....() method it's possible to pass auth properties where you can specificy the authnetication schema or authentication method. which will trigger the appropriate handler
How do I in this approach modify cookie expiration time, rename cookie, enable SlidingExpiration ? I believe when adding cookie through "AddIdentity" method we cannot do this, am i right ?
great question! you'd use ConfigureApplicationCookie after registering AddIdentity learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-7.0#cookie-settings
Hell yeah!!! I'm surprised that you're not Angular kind of guy, considering dotnet background. But you swim rather smoothly in it... Either that, or editing this video was a bitch.
@@RawCoding Hehe. Those are the main reasons I like it. Angular has by far the best, most simple and elegant solution for state management. Thus, it scales ridiculously well compared to other libs/frameworks. Everything is done via RxJs (basically pub/sub). That is why HttpClient works with observables, so you can easily hook those results up to everything else. But yeah, for proof of concept stuff, it can be pain in the...
You can implement this yourself, or rather, ask chatgpt. 1- Create an endpoint with parameter username or userId, that checks if you are admin, if so, create a token(guid) on the user with said username or userid from parameters, add it to a database table that has columns: string guid,string username or userid, bool used. 2- return url with token(guid) attached to it this url is an endpoint that makes you login with that token, on that returned endpoint, get the username or userid with the guid you get, login the user, set token to used = 1, do whatever authentication you do on your server to the user, since you already know that this token was generated by admin. If this token is used again, check If used = 1, If so, return 403, else, continue..
Doesn't dotnet Identity saves a cookie as encrypted And if cookie get encrypted then do we need a separate api to get user info and save it may be on local storage.
@@RawCoding the irony of having tutorials for open source framework behind paywall, while also encouraging audience to contribute in the comments with their knowledge. imagine going to stackoverflow and there are just patreon links. gl in ur endeavours i guess...
If this was stackoverflow I’d tell you to get fucked for leaving stupid comments, but this is my comment section so I’ll answer politely and explain the situation because I care about us growing. There needs to be a value exchange for the work I put in - if you watch the video you get value of the idea for free and you can copy the code for free, you pay for convenience and more than that to support the work I do. Also I’m not directly affiliated with Microsoft or Google so there is no irony.
12:07 I suggest viewers to use httpClient better :D Namely: Services are places where communication with api's happens but also they are responsible for holding the state so sample AuthService could look like this: @Injectable({ providedIn: 'root' } // By doing so we don't need to specify this service in the providers array, it will become singleton, and we can inject it everywhere in the app export class AuthService { user: User | null // this can be either User class directly or Subject/ReplaySubject , by making this a subject we can later in the app wire things up reactively login(login: string, password: string): Observable { return this._http.post(url, { body }).pipe( tap((user) => this.user = user)); // rxjs tap operator is for producing side effects, so it is perfect to assign our user property of the service ) logout(): Observable { return this._http.post(...).pipe( tap(() => this.user = null) ) } } } Then in the component you can use it like this: this._authService.login("anton", "iLikeCookies").subscribe((user) => { ..Whatever you want to do with that user }) If you need to access user data later on, you can do this by reffering to the user property of AuthService. I was writing this without IDE so there could be mistakes
So I would put it this way: Imagine that u need a list of users: so in service would be: async getAll() { const url = `${this.apiBaseURL}/user/list`; const result = await firstValueFrom( this.http.get(url) ); return result as User[]; } and in component: try { this.userList = await this.userService.getAll(); } catch (error: any) { this.feedbackSevice.error(error.message); } finally { this.loadingService.setOff(); }
Really heplful. Love your .NET Core series. As a frontend developer was strugling to implement proper auth with Identity on my project, this series really helped a lot to wrap my head around it.
Also, your way of explaining things is great
6:56 the software engineers mindset, love that! amazing videos as always
im about to start a job where I am gonna be doing this. Thanks for the tutorial!!!! Likely gonna be coming back to ask a question lol
This was very helpful. By following this video, I was able to add authentication to a React + .NET Web API application.
As I've seen from TS developer, he returns Observable from HttpClient
seems to be the right approach!
Angular + .NET = ❤
👍👍 Can you make another version of this video with React please?
Excellent video, very well explained. But man, that keyboard sound! What is it?
It’s a keychron keyboard with brown switches
@@RawCoding I am guessing it is the Q1? It sounds awesome! It gives such a nice vibe to your videos. Still, it is your excellent explanations and tutorials that brought me here, thank you so much for all the efforts you put into making these videos.
Спасибо большое за видео, как раз то, на чем я делаю проект) Ты крут)
spasibo )
it's great, but i has next problem whats don't know how fix. On deploy angular has other adress with .net deplot proj, i can send request on backend but his not return cookie auth, but i know 100% whats backend put me that in frontend? baecause if i use httpclient on localhost without write baseurl he s return me a cookie every try
LET'S GOO, NG + IDENTITY!
Thanks for that video - it was really helpful.
I am just wondering - if I am using a JWT auth - is there a possibility to connect it through SignInManager ?
yes, at SignIn....() method it's possible to pass auth properties where you can specificy the authnetication schema or authentication method. which will trigger the appropriate handler
Спасибо большое!
How do I in this approach modify cookie expiration time, rename cookie, enable SlidingExpiration ? I believe when adding cookie through "AddIdentity" method we cannot do this, am i right ?
great question! you'd use ConfigureApplicationCookie after registering AddIdentity
learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-7.0#cookie-settings
@@RawCoding Thanks :)
I feel this fresh look api in dotnet kinda like laravel
Hell yeah!!! I'm surprised that you're not Angular kind of guy, considering dotnet background. But you swim rather smoothly in it... Either that, or editing this video was a bitch.
it was alright, I like vanilla js over TS and Angular is TOO much boilerplate, dependency injection & observer http client like why?
@@RawCoding Hehe. Those are the main reasons I like it. Angular has by far the best, most simple and elegant solution for state management. Thus, it scales ridiculously well compared to other libs/frameworks. Everything is done via RxJs (basically pub/sub). That is why HttpClient works with observables, so you can easily hook those results up to everything else.
But yeah, for proof of concept stuff, it can be pain in the...
does anyone know why I get a 405 on all my POSTS but not GETS? I'm assuming it's a CORS issue, but I'm not sure. Any help would be appreciated.
never mind, had to sleep on it to let me figure out i'm a moron
Nice explanation. Can you please do a video about user impersonation using JWT/Identity. Thanks
will take a look!
@@RawCoding Thank you
You can implement this yourself, or rather, ask chatgpt.
1- Create an endpoint with parameter username or userId, that checks if you are admin, if so, create a token(guid) on the user with said username or userid from parameters, add it to a database table that has columns: string guid,string username or userid, bool used.
2- return url with token(guid) attached to it this url is an endpoint that makes you login with that token, on that returned endpoint, get the username or userid with the guid you get, login the user, set token to used = 1, do whatever authentication you do on your server to the user, since you already know that this token was generated by admin. If this token is used again, check If used = 1, If so, return 403, else, continue..
@@adamfarmer7665 100% don't ask chatgpt to implement something you don't understand. And your explanation is suffering from the curse of knowledge.
Doesn't dotnet Identity saves a cookie as encrypted And if cookie get encrypted then do we need a separate api to get user info and save it may be on local storage.
that's exactly what we do in this video
Now we need nuxt version with gated serverside content
Is there a source code?
only for patreon supporters.
@@RawCoding the irony of having tutorials for open source framework behind paywall, while also encouraging audience to contribute in the comments with their knowledge. imagine going to stackoverflow and there are just patreon links. gl in ur endeavours i guess...
If this was stackoverflow I’d tell you to get fucked for leaving stupid comments, but this is my comment section so I’ll answer politely and explain the situation because I care about us growing. There needs to be a value exchange for the work I put in - if you watch the video you get value of the idea for free and you can copy the code for free, you pay for convenience and more than that to support the work I do. Also I’m not directly affiliated with Microsoft or Google so there is no irony.
This is what 10x looks like
I thought you were about to commit a sin. Good thing you don't do angular.
never
12:07 I suggest viewers to use httpClient better :D
Namely:
Services are places where communication with api's happens but also they are responsible for holding the state
so sample AuthService could look like this:
@Injectable({ providedIn: 'root' } // By doing so we don't need to specify this service in the providers array, it will become singleton, and we can inject it everywhere in the app
export class AuthService {
user: User | null // this can be either User class directly or Subject/ReplaySubject , by making this a subject we can later in the app wire things up reactively
login(login: string, password: string): Observable {
return this._http.post(url, { body }).pipe(
tap((user) => this.user = user)); // rxjs tap operator is for producing side effects, so it is perfect to assign our user property of the service
)
logout(): Observable {
return this._http.post(...).pipe(
tap(() => this.user = null)
)
}
}
}
Then in the component you can use it like this: this._authService.login("anton", "iLikeCookies").subscribe((user) => { ..Whatever you want to do with that user })
If you need to access user data later on, you can do this by reffering to the user property of AuthService. I was writing this without IDE so there could be mistakes
I disagree with you, cause we want to use the AWAIT operator :D
So I would put it this way:
Imagine that u need a list of users:
so in service would be:
async getAll() {
const url = `${this.apiBaseURL}/user/list`;
const result = await firstValueFrom(
this.http.get(url)
);
return result as User[];
}
and in component:
try {
this.userList = await this.userService.getAll();
} catch (error: any) {
this.feedbackSevice.error(error.message);
} finally {
this.loadingService.setOff();
}