Implementing JWT Authentication in ASP.NET Core



Hello, everybody. I'm Nick, and in this video, I will show you how you can add production-ready authentication and authorization in .NET and ASP.NET Core with JWT tokens using a real identity service.

Don't forget to comment, like and subscribe :)

Social Media:

#csharp #dotnet
Comments

Great video! I would suggest that people who are new to JWT first learn the fundamentals of OpenID Connect and authorization methods like "Authorization Code Flow" or "Resource Owner Password Grant Flow". Once you understand the flow, you will get that Cognito, IdentityServer4 or any other providers are just wrappers around this protocol.

AJIexa

The first time in a long time I needed a refresher on this and this is the first recommended video, posted only 17 minutes ago. What sorcery is this, Nick?

mynameisshadywhat

Wish to see more on this topic. I started off by rolling my own ID server using OpenIddict; it was quite a rough start, first time learning the whole OpenID process 😅. A video on rolling your own ID server would be nice, even better if it's using OpenIddict. Still waiting for more videos on event sourcing too, I only see one on your channel; perhaps those are locked behind Patreon?

PhantomPhobos

I think you should comment that once you start using the AWS Cognito service, you don't need the "token generator API" anymore. In my experience, most developers' brains short-circuit when they try to understand OIDC, and some may think they still need the API even after they start using Cognito because they don't understand how it works.

EduardLlull

2:30 "It's a piece of string!" 😄 Love it

frossen

We're using Keycloak for both Java and .NET apps

conniedecinko

It's a good starting video on using an external IdP, but don't forget that what's shown here is the bare minimum. Also, notice that Nick is using a stand-alone UI (i.e. Postman or similar) to exchange the returned auth code for a set of tokens that's stored locally (Redis is a great option for these types of short-lived data); you'll need to build the exchange mechanism yourself, which is a fun little task.

A word of caution: security is not something you should take lightly, especially in a public-facing environment, and you should never attempt to implement encryption algorithms unless you're one of the very few experts in the industry who work professionally on this topic.

andersborum

The modern way to create JWTs is using the new `JsonWebTokenHandler` class, not the older & slower `JwtSecurityTokenHandler` class.

Octopie

Changing the first letter "e" is not a good test of whether the JWT is working, because the "e" is the base64 character for the open brace "{" of the JSON. That's why all JWTs start with an "e". It could be failing because it's not a valid JSON fragment.

tomtoups
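
Regarding the comment above about the leading "e": here is an added Python example (not code from the video or the commenter) of a small HS256 verifier that reports the first reason a token is rejected, so a header that no longer decodes as JSON is told apart from a signature mismatch. The key and claims are constructed sample values.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real service would use the identity provider's key material.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT segments drop the '=' padding, so restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs256_token(claims: dict, key: bytes) -> str:
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def verify_hs256(token: str, key: bytes) -> str:
    """Return 'ok' or the first reason the token is rejected."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed: expected three dot-separated segments"
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError):
        # The "e" -> "f" edit from the comment lands here: the header is no
        # longer JSON, so nothing about the signature has been tested yet.
        return "malformed: header is not valid JSON"
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        # Pin the algorithm instead of trusting whatever the token claims.
        return "rejected: unexpected alg"
    signing_input = f"{header_b64}.{body_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return "rejected: signature mismatch"
    return "ok"


def demo_token() -> str:
    return make_hs256_token({"sub": "alice", "role": "reader"}, DEMO_KEY)
```

A verifier in a real API should additionally check `exp`, `iss` and `aud` before trusting the claims.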

It would be awesome if you could show how to support multiple authentication methods, like an API key together with JWT tokens. How do we correctly authorize endpoints and set up the auth?

DasBloch

Thanks, a couple of questions though:
How should I sync the users to my DB with external ID providers?
Should I store roles and permissions in my DB or in the external provider?
And also, shouldn't the client secret be secret? I shouldn't use it in a SPA, right?

vintage

I much prefer jwt.ms over Auth0's decoder. Much simpler page and also decodes the iat and exp values etc.

paulguk

Funny thing is that I made the exact same implementation with Keycloak yesterday for the first time.

Paps

@nickchapsas Great refresher. I find it difficult to find a resource that outlines at length the ins and outs of security (providers, users, flows, scopes, policies, federation). As part of the courses offered on Dometrain, do you have a plan to do a comprehensive course on the subject?

festussila

This couldn't have come at a better time.

local

Great video! I would like to hear more about the other option you mentioned in your video: server-side applications with confidential clients.

justinassakalavicius

It would be pretty interesting to see how you can secure a Blazor app with JWT.

MarvinKleinMusic

What about roles check during API call?

vasilyh

I'd like to see something similar also showcasing the approach via Azure (if possible, not sure). And maybe also with a more restrictive configuration (if possible, of course), like enabling Google or Facebook login, where you can customize which Google emails can register, restricted to a specific domain. Or for the Facebook side, enabling registration for specific users (of course, if possible).
Otherwise, again a nice lecture; I enjoy your videos, keep it up 👍

christianschieder

Nice video! Could you show us S2S auth process?

hristoivanov