Asp.Net Core AUTHORIZATION Made EASY

Asp.Net Core Authorization is something that often scares people a lot. However, I think that it's actually not that complicated. The main thing here is that authorization actually has a lot of different building blocks. The major flaw of documentation and some other tutorials is that they try to teach you all the building blocks at once. That doesn't work for sure. Join me in this video as I'll show you a different approach to Asp.Net Core Authorization in which we'll try to strip out all the building blocks and concentrate on the core.

Content:
1. Intro: 00:00
2. Why Authorization seems hard: 00:18
3. Authentication vs Authorization: 00:58
4. dotnet user-jwts: 01:43
5. Understanding HttpContext.User: 05:14
6. Implementing authorization: 09:13
7. Custom authorization policies: 12:37
8. Conclusion: 18:21

Comments

Excellent intro to JWT! Would like to add that you can also decorate an individual action with [AllowAnonymous] when the whole controller requires authentication, if for that one action anyone would be allowed to access.

anonymoos

Fantastic video, thanks, QQ, if I want to manage the role membership on my own DB (authentication remains on the identity provider, but not the roles), the right way to do it today is via that same Policy mechanism you used for the age requirement?

dtriana

How to generate the jwt token without using the cli? I would like to generate it in the code as usual

Daamnnnn

Excellent explanation .. very simplified.

kundanbhatiYT

Your video is very good. I also read the Microsoft docs for authorization, but I find them very difficult to understand. How do you manage to understand the official docs and provide good tutorials like this?

nirajbhanushali

Thanks that fills in the blanks! One question, if someone hits the rental endpoint and doesn't meet the age requirement is there a clean way to return in the body of the 403 Forbidden response what they are missing?

johnnyutah

Thanks, Mr. Dan.
I hope you talk about how to do permissions like "CanAdd, CanEdit, CanDelete, ..." for role/user per page.

Tamer_Ali

Great video, well explained. You should possibly look into securing this token in the client side if that is not a topic that is too broad.

nove

Thanks for the amazing explanation. I have a little bit more complex scenario and I would be pleased for any useful advice. Let's imagine that we build a management system for some organizations. The user can have access to different organizations but at the same time, it can have different roles in each organization. It means that the Jwt has to consist of all roles together with corresponding organization ids to which the particular user has access. The user can switch to the organizations. Do you have any idea what is the best approach to tackle this problem?
To solve this problem I came across two solutions.
1) The information about accessed organizations and roles per user is stored in JWT.
2) When the user switches to another organization, the HTTP client sends a request about the role of the selected organization. Based on the response the JWT stored in Blazor will be manually updated.

samosimoncic

Is it possible to write my own "Decorator" like [AllowMinAge("18")] or similar? Great video, thx for the deeper dive into this topic *thumbsUp

MarioStaats

Say this API is for a Mobile App, How would you handle sign up / login on the server? How would you generate the jwt tokens in production?

schnabs

I just have one comment regarding your Blazor authentication videos. One thing I think was missing was a good example of how to redirect you to the login page if not authenticated. I have not found any good built-in solution.

marcusmaunula

Hi!
Could you give me the source code of this project, please?

cooper

Dan, get a mechanical keyboard to add some sweet, sweet ASMR to your videos. Will help you get more views

georgeti