I noticed when I create a new Blazor WebAssembly app with "Individual Accounts", the AspNetUser entity doesn't have a "Password Salt" field. I know it used to, I'm just wondering why it no longer does?
It is easy to miss because Patrick goes by it so quick @23:00 Visual Studio tries to get you to do System.IdentityModel.Tokens but you need Microsoft.IdentityModel.Tokens as he says but its so quick blink and you miss it and might get stuck. Just thought I would leave this comment for anyone else who is confused why their code isn't working. Thanks Patrick for such a great tutorial!
man i thought it's only me having "refresh trouble" after compiling using visual studio 2022 😂, it's better get rest immediately right after encountering this "refresh trouble"
Bit pedantic but in a production system I would not return "Bad Username" and "Bad Password" as a bad actor can use that information for their gain. Great tutorial as always 🙂
Nice tutorial In order for jwt token to be practical, you will need to provide a refresh token. Otherwise you will have to login every time you refresh a page.
Hello Patrick, love your videos! Im completely new to this and would like to learn how to store registered users in a sql database. You dont happen to have any videos that demonstrates the entire process?
Thanks Patrick, just had a couple different questions: 1. Is this how it's really done in production? I've seen a lot of tutorials almost all of which refer to the Identity package and external IdP but if your app (i.e. your DB) is the IdP in and of itself is this how it's done? 2. I can't help but strain my eyes seeing that static User instance in your controller, not sure how this would even work as concurrent users would more than likely mutate the same instance ... how would you go about getting a user in the method body i.e. via transient service or http context? 3. What's a good way to deal with 3rd party integrations? I still want to use this methodology to sign in users to my application but I want them to be able to add other social integrations in app to query remote resources. Would I have a table with FK to user, token, and refresh token allowing me to refresh as needed?
Hey Patrick, Thanks for awesome video . do you have any video about how to save the user in Db and not on a static like now ? (User user = new User right now) ...
Hi Patrick, Thank you for this tutorials very useful., My concern now is how to Post to the database if you register and to Get the user from the database? Thank you in advance...
Very helpful video. I have a queation. During the ligin method testing. after you giving string as user name it says " CRAZY TOKEN" so where is it validating the user name i mean there i no database right?
Hi Patrick, great videos. It is possible to show how to refresh the token and how to implement it on a Blazor Server without using an API? I really appreciate it see how you implement it. Thanks
▶ [Part 2/4] .NET 6 Web API 🔒 Role-Based Authorization with JSON Web Tokens (JWT): ua-cam.com/video/TDY_DtTEkes/v-deo.html ▶ [Part 3/4] .NET 6 Web API 🔒 Read JWT Authorization Claims of a User (from a JSON Web Token): ua-cam.com/video/fhWIkbF18lM/v-deo.html ▶ [Part 4/4] Refresh Tokens with a .NET 6 Web API 🚀: ua-cam.com/video/HGIdAn2h8BA/v-deo.html
some people feel,better relief when other person guides, or may induce epiphany in the process of learning. You helped me and on your side, someone would be. That's all I hope for that. Regarding God comment that you have got. What's up with name matters, ignorant ones, If someone gives idea or solves your thing so that you progress of using it, what would you assume him/her.
lmao people are mad at your name lol!!!!! Have saw some people with biblical names because their parents were proud christians and got accused of heresy lol.
Does anyone know how we would then reference the user from the server side? Trying to make an account (like a bank account) and I want it to have a reference to the user who creates it.
@Patrick God lol I couldn't wait so I bought your .net 5 course. I am following on Mac so i had a bit of a learning curve. The tools i needed to get all of this working was Docker, Azure Studio, VS for Mac, and Postman (for testing). Following .Net 5 while I write my project in .Net 6 is not to bad.
Hi @Patrick, such a nice explanation. I really appreciated. Do you pls give me an favor can you upload video on how I refreshing JWT with refresh token.
hi patrick, if you leave the passwortSalt in the userdto as property, a hacker gets the salt to test from the api at 13:16. and if you have the user as static in line 16, then it will interact with other logins at the same time. right? but i love your tutorial
It was a great video Patrick, but really very demanding. Still thanks again for the preview, I like your videos! I sent link to your videos to my friends
Hi! Nice video :) I don't fully understand the use of passwordSalt. Feel free to explain to me like im 5 ;). Is it not enough to store the hashed password?
Hey, thanks! 😊 Don't know if that's the right explanation for a 5 year old, but without a salt, the hash value would always be the same for a particular password. Let's say your password is "remember". Running this through a cryptography algorithm results ins "123456". Another user also has the password "remember", hence the hashed value is "123456". Now, if someone (don't know who would ever do that...) is able to revert the algorithm (see MD5, for instance), then you would be able to decrypt "123456" into "remember". Always. Now comes the salt. With a salt, the hashed value is different, even if the password is the same. The algorithm takes "remember" and a random salt "wasd". The hashed value is now "456123". Another user has the same password but a different salt, hence the hashed value is different as well, although the password is the same. In essence, it's a way to make your account more secure. Hope this helps! Take care, Patrick
Hi Patrick nice to see your video I just want to ask you the perfect way to create the database for that also how we can store the user entries on database?
did you find an answer? I am doing a website with .net backend and I did what he did but when I try the route with swagger the user I register doesn't appear in my database and it s been like an hour since I try everything I can with _context.SaveChanges but nothing look to work. Sorry if I am late hahah XD
I have been putting off working on my term paper for about a month because I could not even understand the topic, but thanks to you everything became clear. Thanks dude and greetings from Ukraine :3
Hey there, I implemented what you showed us in the video into my web api. However, when I authorize my controller, and send a request with my token it doesnt unlock the controller. Any advice or guides. Cheers
I noticed when I create a new Blazor WebAssembly app with "Individual Accounts", the AspNetUser entity doesn't have a "Password Salt" field. I know it used to, I'm just wondering why it no longer does?
It is easy to miss because Patrick goes by it so quick @23:00
Visual Studio tries to get you to do System.IdentityModel.Tokens but you need Microsoft.IdentityModel.Tokens as he says but its so quick blink and you miss it and might get stuck. Just thought I would leave this comment for anyone else who is confused why their code isn't working. Thanks Patrick for such a great tutorial!
Hi Patrick, your tutorials are great. Can you make a tutorial for CustomAuthorization(ApiKey and JWT)? :)
man i thought it's only me having "refresh trouble" after compiling using visual studio 2022 😂, it's better get rest immediately right after encountering this "refresh trouble"
"I would never use the Lord's name in vain. Why would you think that?" 😂😂😂😂
Subbed!!!!
Thank you!! 😁
Great tutorial. Bonus that this probably annoyed a bible basher lmfao.
0:04 -> 29:20 😂😂
Thanks Patrick, you tutorial helped me a lot. Much appreciated.
You're most welcome! Thank YOU so much!! Really appreciate it! 😊
This guy's a gamer. Tries to type "user" but left hand goes to wasd and types "uawe" instead.
😂
Bit pedantic but in a production system I would not return "Bad Username" and "Bad Password" as a bad actor can use that information for their gain. Great tutorial as always 🙂
I agree, keep them guessing
You are absolutely right, Andrew! Thanks for sharing. 😊
Nice tutorial
In order for jwt token to be practical, you will need to provide a refresh token. Otherwise you will have to login every time you refresh a page.
Hi, may I ask the logic of a logout API in respect of JWT authentication and authorization. It seems like ur quite knowledgeable in this topic!
Patrick, who is your boy? Are you LGBT?
I dont understand why your key is "top secret key" and everything works fine while mine key must be long af, otherwise i receive errors about key
Yeah same here, I received error if my key gets less than 512 bits so my secret key is long af
Hello Patrick, love your videos! Im completely new to this and would like to learn how to store registered users in a sql database.
You dont happen to have any videos that demonstrates the entire process?
Hey there! We do that in the .NET 6 Jump Start Course. You can check it out here: ua-cam.com/video/K23uJdMiEpk/v-deo.html
Thanks Patrick, just had a couple different questions:
1. Is this how it's really done in production? I've seen a lot of tutorials almost all of which refer to the Identity package and external IdP but if your app (i.e. your DB) is the IdP in and of itself is this how it's done?
2. I can't help but strain my eyes seeing that static User instance in your controller, not sure how this would even work as concurrent users would more than likely mutate the same instance ... how would you go about getting a user in the method body i.e. via transient service or http context?
3. What's a good way to deal with 3rd party integrations? I still want to use this methodology to sign in users to my application but I want them to be able to add other social integrations in app to query remote resources. Would I have a table with FK to user, token, and refresh token allowing me to refresh as needed?
Anyone's answer on this will be appreciated
Superb! Continue this video with authentication and refresh token. And use it in some tasks. Greate
Thank you for making perfect video. I have a question how about logout. Can you make a video or suggest me some solutions. Thanks
Thanks God. This video is really helpful for me.
Glad it was helpful!
Bro, you just deserve this last name hahahah, thank you so much !
😂 Thank you!
Hi Patrick, love your tutorials. Can you do a tutorial on OAuth2 + OpenID Connect authorization server on the .NET core 6 Web API using OpenIddict.
I need the exact same tutorial. Have you found something about that?
thank you sir.. but how can i implement this JWT token on the client side? have you made a video about it?
This one is for you: ua-cam.com/video/Yh16E2u2pio/v-deo.htmlsi=GHlDOTnINjLHTnwa
@@PatrickGod thank you again sir.. is it the same for web App empty? Or should i use blazor?
Hey Patrick, Thanks for awesome video .
do you have any video about how to save the user in Db and not on a static like now ? (User user = new User right now) ...
I stucked with JWT for one month but thanks to you I solved it finally. THANK YOU SO MUCH
Great to hear! Thanks for your feedback!
same here
Hi Patrick, Thank you for this tutorials very useful., My concern now is how to Post to the database if you register and to Get the user from the database? Thank you in advance...
How would you connect this entire series of jwt authentication and oauth2 with angular on the frontend?
sir this "System.Text.Encoding.Utf8.getbytes()" function are not avalable in this package
Initially thank you
Wait does the out keyword create variables? In the register method you didn't initialize passwordHash and passwordSalt???
I like and subscribed. Thank you
Thank you so much!
Very helpful video. I have a queation. During the ligin method testing. after you giving string as user name it says " CRAZY TOKEN" so where is it validating the user name i mean there i no database right?
Hi Patrick, great videos. It is possible to show how to refresh the token and how to implement it on a Blazor Server without using an API? I really appreciate it see how you implement it. Thanks
Great video...really helpful. Thanks man
▶ [Part 2/4] .NET 6 Web API 🔒 Role-Based Authorization with JSON Web Tokens (JWT): ua-cam.com/video/TDY_DtTEkes/v-deo.html
▶ [Part 3/4] .NET 6 Web API 🔒 Read JWT Authorization Claims of a User (from a JSON Web Token): ua-cam.com/video/fhWIkbF18lM/v-deo.html
▶ [Part 4/4] Refresh Tokens with a .NET 6 Web API 🚀: ua-cam.com/video/HGIdAn2h8BA/v-deo.html
Thank you for the tutorials. I hope you dont have to deal with to many people who harass Gods.
It is a good tutorial, but UserDto and Password hashing and salting is a bit overkill for basic understanding here
Role base authorized need to added video
Got it. 😉
If you haven't seen it already, here you are: ua-cam.com/video/TDY_DtTEkes/v-deo.html 😉
@@PatrickGod Lots of thanks💝💝
some people feel,better relief when other person guides, or may induce epiphany in the process of learning. You helped me and on your side, someone would be. That's all I hope for that.
Regarding God comment that you have got. What's up with name matters, ignorant ones,
If someone gives idea or solves your thing so that you progress of using it, what would you assume him/her.
lmao people are mad at your name lol!!!!! Have saw some people with biblical names because their parents were proud christians and got accused of heresy lol.
How do you persist the registered user data for later login?
This video is pretty old, but still very helpful. Thank you sir!
Great Video ur great!
idk why but VerifyPasswordHash doesnt not work i have always a wrong password :/
i want to use auth plugin , vue frontend, .net core , mssql for backend, Can you suggest please.
Hi problem in saving Hashed PW and Salt into sql server using dapper can you help in this please !!!
So I'm using just hash password without salt password.how to verify the password
thanks GOD
Tried it in .net 5 and upon checking jwt on the checking site it says that signature's invalid
Is this normal?
thanks, you save my final exam! with createToken function xD!
its perfect to watch the video.The video timeline can see your implementation funtion.
Could make a video about Userlogin with azure active directory?
Does anyone know how we would then reference the user from the server side? Trying to make an account (like a bank account) and I want it to have a reference to the user who creates it.
IM so glad someone is making JWT with .NET 6. Other people make videos with .NET 2 in 2022 which doesn't make any sense.
Glad I could help! Thanks for your feedback!
and now. How i use it in a API?
I want only authorized users get the list of products
hi sir, hope you doing good, sir can you please make this tutorial with sql database
how do we use expire time in token to logout application automatically after certain time in angular?
if we can decode the JWT by visiting the official site then how it is safe? i mean anyone can copy our JWT and see what it contains.
Thank you, but how to validate a JWT given your secret?
Are you going to update your .Net 5 Web Api course to use .Net 6?
Absolutely. Takes some time, though. Sorry about that. But I'm on it!
@Patrick God lol I couldn't wait so I bought your .net 5 course.
I am following on Mac so i had a bit of a learning curve. The tools i needed to get all of this working was Docker, Azure Studio, VS for Mac, and Postman (for testing).
Following .Net 5 while I write my project in .Net 6 is not to bad.
how about using this webapi and consume in a core application with admin panel ?
Hi you said this example was rude do you have a professional ????
Something useful starts at 20:06 Man, so much timewaste on setting up...
Hi @Patrick, such a nice explanation. I really appreciated. Do you pls give me an favor can you upload video on how I refreshing JWT with refresh token.
Thank you! Refresh tokens are on my roadmap. Stay tuned! 😊
Thanks for this valuable tutorial, learning alot fro this channel
hey Patrick, can you make a video about the use of Interface?
If you don't believe in god, then who the hell you think you're looking at🤣
Hi Patrick, thanks for this.
Can you also help with tutorial for .net 6 web api + identity framework and data seeding? Cheers!
Thanks for your feedback. Identity is on my roadmap. Stay tuned! 😊
hi patrick, if you leave the passwortSalt in the userdto as property, a hacker gets the salt to test from the api at 13:16.
and if you have the user as static in line 16, then it will interact with other logins at the same time.
right?
but i love your tutorial
Maybe video about access token with refresh token?)
i love u mr Patrick. Thanks for everything
Thank you very much. It was interesting.
Are you retrieving data from database also in login method?
It was a great video Patrick, but really very demanding. Still thanks again for the preview, I like your videos! I sent link to your videos to my friends
Awesome, thank you! 😄
Thanks for the video, greetings from Brazil.
Hello from Argentina Patrick!! Only i want you to know that you are a very good teacher, with very clearly explanations. I wish you a lot of success!
Thank you so much! Means a lot to me! 😊
why is your access modifier for username set public?
Thank you for the tutorials
My pleasure!
What a godly content. Thank you
Thank YOU!
Why does the repo suddenly has userservices and Iuserservices?
is there a video about configuring this with a database?
It's art to able to share knowledge as easy as you doing.
Thank you so much! 😊
Another useful video👍 I also have a 1yo son and, god (no pun intended), I hear you on the sleeping time
Thank you for your support. The sleep deprivation is the worst.. But it will get better, right? 😅🤔
This is Authorize not authenticacion but is a goog video
login and register there is something wrong. cant login.
Can anyone please explain the necessity of UserDto?
Thx u Patrick, nice, amazing tutorial
Hi Patrick, great course !!! Thx
hahaha now I have no doubts about whether it was your last name or not
Love your humor man! keep it going with you easy to learn videos
Thank you so much! Appreciate it.😊
Hey, Patrick, you made authentication very easy and teach use in very simpler way.
Thanks for amazing tutorial.
God speed run coding to match up with his son wake
in wich table username and password was inserted
Thank you so much for the video. Very descriptive and helpful. Good Job 👍👍
You are welcome! Thank you so much for your feedback! 😊
Hi! Nice video :) I don't fully understand the use of passwordSalt. Feel free to explain to me like im 5 ;). Is it not enough to store the hashed password?
Hey, thanks! 😊
Don't know if that's the right explanation for a 5 year old, but without a salt, the hash value would always be the same for a particular password. Let's say your password is "remember". Running this through a cryptography algorithm results ins "123456". Another user also has the password "remember", hence the hashed value is "123456". Now, if someone (don't know who would ever do that...) is able to revert the algorithm (see MD5, for instance), then you would be able to decrypt "123456" into "remember". Always.
Now comes the salt. With a salt, the hashed value is different, even if the password is the same. The algorithm takes "remember" and a random salt "wasd". The hashed value is now "456123". Another user has the same password but a different salt, hence the hashed value is different as well, although the password is the same.
In essence, it's a way to make your account more secure.
Hope this helps!
Take care,
Patrick
@@PatrickGod Excellent explanation! Thanks for responding so quick :)
Hi Patrick nice to see your video
I just want to ask you the perfect way to create the database for that also how we can store the user entries on database?
did you find an answer? I am doing a website with .net backend and I did what he did but when I try the route with swagger the user I register doesn't appear in my database and it s been like an hour since I try everything I can with _context.SaveChanges but nothing look to work. Sorry if I am late hahah XD
Wow i was looking for exactly this, and presented by no other than the cozyest guy out there. cheers
This is great. Thank you so much for your kind feedback. 😀
I have been putting off working on my term paper for about a month because I could not even understand the topic, but thanks to you everything became clear. Thanks dude and greetings from Ukraine :3
Glad I could help! 😊Thanks a lot for your feedback!
Thanks for it, dude! I’m need it
Finally, the last name, been so afraid to say it. Very helpful tutorial, keep up the good job
😊 Glad it helped! Thanks for your feedback!
I love you man. Thanks so much for this tutorial and the pagination one.
Happy to help! Thank you very much for your feedback! 😊
Great tutorial! I was exactly looking for that and it’s very well explained :)
Thank you very much for your feedback! 😊
Hey there, I implemented what you showed us in the video into my web api. However, when I authorize my controller, and send a request with my token it doesnt unlock the controller. Any advice or guides. Cheers
Hey Riley, I think this video is for you: ua-cam.com/video/TDY_DtTEkes/v-deo.html Enjoy! 😊
@@PatrickGod I figured it out I hacked away at it and got it. Thankyou though. Love the vids
I don't have any requests but just wanted to pass along another thank you as your videos are very instructive, concise and helpful.
Thank you so much!! Means a lot. 😊