ASP.NET Core JWT Authentication and role-based authorization
Вставка
- Опубліковано 15 жов 2024
- 💻Get the source code: go.dotnetacade...
A solid REST API should make sure that its resources are protected so that only authorized users and clients can get access to them. And thanks to the latest innovations in ASP.NET Core, protecting your Web API could not be easier.
Here I'll show you how to protect your ASP.NET Core Web API in just a few steps.
Topics covered:
00:28 Understanding Token-Based Authentication
01:56 Creating a simple minimal API
08:13 Using JWT authentication and requiring authorization
13:02 Generating tokens with dotnet user-jwts
14:50 Understanding Json Web Tokens (JWT)
21:42 Implementing role based authorization
24:43 Extracting user information via ClaimsPrincipal
33:03 Evaluating user claims
🔥Become a Senior C# Backend Engineer: juliocasal.com...
🗺️Get My Free .NET Backend Developer Roadmap: juliocasal.com...
Join me on Patreon: / juliocasal
Follow me on LinkedIn: / juliocasal
Follow me on X: x.com/julioc
#dotnet #aspnetcore #aspnet
This is the amazing explanation regarding Api authentication and authorisation process along with real action demonstration.
I really appreciate your efforts to make this concept easy to understand and digest. ❤️
Glad it was helpful, Vinay!
Finally a video where I understood the concept! Thanks
Glad it helped!
Great tutorial, I appreciate simplicity and you deliver quality content without any cumbersome code
Glad you like it!
Great tutorial, learned a new way to test the API without switching to postman, swagger or using curl. 🙂
Great to hear!
Thing of beauty, thanks for the video
Glad you enjoyed it
@@juliocasal maybe something about modular architecture in the future? 👀
@@RaWMajkeL Modular architecture?
@@juliocasal I meant modular monolith pattern
This was very well done and great content. I would like to call out that, it is best practice to use a Reference Token for communicating from the UI to an API, in place of a jwt token. Jwt tokens are still a valid choice to use between services.
Great tip Eldon!
You are simply Awesome Julio! Thank you for your efforts....
My pleasure!
Thanks, very much helpful 👌
Glad it helped!
Hi, I Have a question. If we do not want to call RequireAuthorization on a endpoint (I just want the user to be authenticated for a specific endpoint and no other things needed like role etc.), it's not even validating the token. I mean, if token is not there it still returns result. What is happening here, could you please explain.
Without the RequireAuthorization call you basically have an anonymous endpoint. Call RequireAuthorization with no parameters instead.
Love ur explanation Julio, thanks for sharing
My pleasure!
What is the difference between Claim and Signature? what does each one reference?
Claims are the pieces of information being asserted about a subject (the user, typically). The signature is used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.
Thank you for this great tutorial
How I can generate a code and make register page and login
dotnet new blazor -au Individual
@@juliocasal I wanna make a webapi and for front-end I wanna use reactjs
how I can make this mix
How would I generate token for the users of my API with this package?
Geraldson, generating tokens for real users involves introducing an identity provider, either built by yourself or already built for you. I cover that in my .NET microservices program, here: dotnetmicroservices.com/building-microservices-with-dotnet
Thank you
Great content
Glad you think so!
Bro should apply this into your Microservice course 🥲🥲
New .NET Bootcamp coming soon!