2 days if searching for a well explained video and finally found this. Keep up with the awesome work. Could have done better : created a seperate project for custom token without using the same jwt implementation since it might confuse newbies to coding. Great work. Thanks again 😊
if you try to pass options configuration, for example have some property in your options class which inherits from AuthenticationSchemeOptions, it will not configure that object. why is that?
@Steve W custom authentication handler is an option if a organization already has existing auth token mechanism, in that case a custom handler will help. If you are building a new service then of course you should be using JWT. Hopefully this answers your question. Thanks
Difference of the custom handler? I am missing the big picture. What is the purpose or the advantages of the custom handler compared against the implementation showed in the previous video?
Hi DotNet Core Central, I have custom API Exception middleware and added in pipeline app.UseApiExceptionHandler();. I have implemented code as shown in above video, however, when I return AuthenticateResult.Fail it goes to my ExceptionMiddleware and instead of returning Unauthorized it returns Internal Server error. I tried to figure out this behavior, however could not figure this out. Could you please help.
@DotNet Core Central, I was able to resolve this. App.UseAuthorization was called before app.UseRouting. Would like to know more on Authentication.. could you share your blog/ video link.
@@gshekhar2727 I am glad that your issue got resolved. I have couple of blogs you can take a look: dotnetcorecentral.com/blog/asp-net-core-authorization/ dotnetcorecentral.com/blog/authentication-handler-in-asp-net-core/
How to send Unauthorised status code with custom message for invalid token, I used AuthenticateResult.Fail("Invalid Token") but it's just printing status code unauthorised 401 without message
@Mansi Mandlik, thanks for watching the video. Inside of your controller, you can use and do not use the Authorize attribute in the controller: if (!User.Identity.IsAuthenticated) return Unauthorized("your message here");
@Ravindranath S, "Basic" is the name of the authentication scheme. It can be anything you decide on your scheme to be. Ideally, I should be using Basic as the token bearer, instead of the Bearer string that I am using. That was a miss on my part. Since you can technically have multiple Authentication schemes in a single project, the scheme name helps identify how to validate the token. I hope this clarifies your doubt.
Hi, at the timeline 15:06, you are passing AuthenticationTicket object to AuthenticateResult.Success() method. But my doubt is where you are using this added ticket & what is the significance of this ticket?
@Ravindranath S, in the Controller, when you access User object, it internally is populated from this ticket. That is why you can do User.Identity.IsAuthenticated and User.IsInRole etc. User is the ClaimsPrinciple object which is populated from the ticket.
@@gshekhar2727 I will suggest just use ILogger from Microsoft.Extensions, and the add Serilog to the logging extension. That way your code just deals with the ILogger extension, whereas in DI you can configure the logging extension to use Serilog.
Hi, Thanks for the great video Is there a way we can have 2 Authenticaion Handlers? What I mean is that in 16:30 you remove the JwtBearer authentication handler so you can use your "Basic" handler, but what if you want both? I.e. What if you want to check for JWT authentication and if that fails, instead of immidiatly return 401, you'll execute your "Basic" handler and allow for the user to authenticate using it's authentication logic? How would you have done such a thing?
@Yotam Belgoroski, you can definitely do that. But in that case, your handler needs to be generic and handle one after another. So you should not be using the JWT extension method available out of the box, instead, you will have to handle token validation and extraction yourself. Let me know if that makes sense or if you need more information. Thanks!
Thanks for creating such a wonderful content. Is there any blog of yours, which talks about when to use custom authentication handler and when to use that authentication handler which you taught in previous video ??
2 days if searching for a well explained video and finally found this. Keep up with the awesome work.
Could have done better : created a seperate project for custom token without using the same jwt implementation since it might confuse newbies to coding.
Great work. Thanks again 😊
After searching all day on how to do custom authentication this video finally came thru for me, thanks dude - awesome job!
@Jaja Harris, thanks for watching!
Super well explained! Thank you sir!
Thanks
Good explain for C# API Authentication ~
@@jaywang7285 Thanks!
if you try to pass options configuration, for example have some property in your options class which inherits from AuthenticationSchemeOptions, it will not configure that object. why is that?
I am a little confused. I watched the first video on JWT. Why the need for a custom authentication handler?
@Steve W custom authentication handler is an option if a organization already has existing auth token mechanism, in that case a custom handler will help. If you are building a new service then of course you should be using JWT. Hopefully this answers your question. Thanks
Great
You don't explain, what is claims, identity, principal, ticket. Thus, it's not a clear process.
Алексей Ш thanks for the feedback. I’ll create a video to do that. Thanks for watching.
Yes correct question. there is no clear explanation
Good one here. Thanks
exactly what I needed, thanks a lot :)
I’m glad the video helped you. Thanks for watching.
Thanks, my friend!!!
@Fernando Morales, thanks for watching!
Difference of the custom handler?
I am missing the big picture. What is the purpose or the advantages of the custom handler compared against the implementation showed in the previous video?
Sorry, I realized, that this question was already answered below. Thank you very much.
@@wolfgangmena-bruhn5992 you are welcome!
Hi, Thanks. This Video helps me alot.
@Vincent de Joseph thanks for watching!
Great video! I got a question I would appreciate it if you could answer me. What can we do with the SchemeOptions here?
Hi DotNet Core Central, I have custom API Exception middleware and added in pipeline app.UseApiExceptionHandler();. I have implemented code as shown in above video, however, when I return AuthenticateResult.Fail it goes to my ExceptionMiddleware and instead of returning Unauthorized it returns Internal Server error. I tried to figure out this behavior, however could not figure this out. Could you please help.
@G Shekhar, I will take a look and try to reproduce the issue and let you know what I find out.
@@DotNetCoreCentral yes please, thanks
@DotNet Core Central, I was able to resolve this. App.UseAuthorization was called before app.UseRouting. Would like to know more on Authentication.. could you share your blog/ video link.
@@gshekhar2727 I am glad that your issue got resolved.
I have couple of blogs you can take a look:
dotnetcorecentral.com/blog/asp-net-core-authorization/
dotnetcorecentral.com/blog/authentication-handler-in-asp-net-core/
How to send Unauthorised status code with custom message for invalid token, I used AuthenticateResult.Fail("Invalid Token") but it's just printing status code unauthorised 401 without message
@Mansi Mandlik, thanks for watching the video.
Inside of your controller, you can use and do not use the Authorize attribute in the controller:
if (!User.Identity.IsAuthenticated)
return Unauthorized("your message here");
Hi, at the timeline 16:46, you are adding "Basic" as value for defaultScheme parameter. What is the significance of this?
@Ravindranath S, "Basic" is the name of the authentication scheme. It can be anything you decide on your scheme to be. Ideally, I should be using Basic as the token bearer, instead of the Bearer string that I am using. That was a miss on my part. Since you can technically have multiple Authentication schemes in a single project, the scheme name helps identify how to validate the token. I hope this clarifies your doubt.
@@DotNetCoreCentral , yes, clarified
@@ravindranaths513 cool!
Thanks a lot man.
@Raj., thanks for watching!
Hi, at the timeline 15:06, you are passing AuthenticationTicket object to AuthenticateResult.Success() method. But my doubt is where you are using this added ticket & what is the significance of this ticket?
@Ravindranath S, in the Controller, when you access User object, it internally is populated from this ticket. That is why you can do User.Identity.IsAuthenticated and User.IsInRole etc. User is the ClaimsPrinciple object which is populated from the ticket.
@@DotNetCoreCentral how to access that User object in controller? could you explain?
@@gshekhar2727 The user object is set as a part of setting the principal. So you can use Request.HttpContext.User to access user info.
@@DotNetCoreCentral Thanks, I have a custom logger (Serilog), how do I inject that dependency in my CustomAuthenticationHandler
@@gshekhar2727 I will suggest just use ILogger from Microsoft.Extensions, and the add Serilog to the logging extension. That way your code just deals with the ILogger extension, whereas in DI you can configure the logging extension to use Serilog.
Hi, Thanks for the great video
Is there a way we can have 2 Authenticaion Handlers?
What I mean is that in 16:30 you remove the JwtBearer authentication handler so you can use your "Basic" handler, but what if you want both?
I.e. What if you want to check for JWT authentication and if that fails, instead of immidiatly return 401, you'll execute your "Basic" handler and allow for the user to authenticate using it's authentication logic? How would you have done such a thing?
@Yotam Belgoroski, you can definitely do that. But in that case, your handler needs to be generic and handle one after another. So you should not be using the JWT extension method available out of the box, instead, you will have to handle token validation and extraction yourself. Let me know if that makes sense or if you need more information. Thanks!
Thanks for creating such a wonderful content.
Is there any blog of yours, which talks about when to use custom authentication handler and when to use that authentication handler which you taught in previous video ??
@Deepak Bhalode, thanks for watching! I have a blog site here: dotnetcorecentral.com/
But I am not sure I have specifically what you are asking for.
@@DotNetCoreCentral Thank you.
Keep growing 🌱
@@deepakbhalode4419 thanks!
Tnx! Great video! Could create a video about Azure AD?
@Giampaolo TUCCI, thanks for watching! Yes, I will do videos in Azure in near future.