New .NET 8 Authentication Features in ASP.NET Core
HTML-код
- Опубликовано: 5 фев 2025
- .NET 8 brings new authentication features that are still in preview. SUPER simple bearer token authentication for your api and integration with the identity framework.
Support my Work 🤝 / raw_coding
Buy my Courses 📚 learning.raw-c...
Buy my Merch 🛒 shop.raw-codin...
Join the Community 💬 / discord
Tweet Tweet 📣 / anton_t0shik
Tune in LIVE! 🎥 / raw_coding
#aspnetcore #dotnet8 #csharp
can you use dark mode please .. it's better to our eyes
What doesn’t kill you makes you stronger
@@RawCoding 😅😅🤣
@@RawCoding after working for a long time, the eyes hurt, so a darker mode would be appropriate
dark mode not good for some disabled people.
@@DeepWorksStudios after working for a long time, consider taking a rest.
I was just thinking this week about "Anton will surely create a video about the new authentication process/features". And here it comes 😀
Thanks for the explanation. Better than MS documentation.
Awesome stuff! I love in-depth videos about authentication
Great video as usual. I stopped the video to check that I was not on 1.5x speed, you are too fast xD I would appreciate it if you could be a little slower when explaining new concepts :)
Regarding the new Auth am I getting it correctly that the new things are:
- We now can put the session token as a Bearer token since we have it as auth_token in response and before only the cookie mode was supported? So it's like a way to avoid our custom token providers and just use this approach with SPA and mobile clients.
- We have a bunch of endpoints for Asp Identity as minimal API which we can use without Razore pages and all this old stuff, with Sap and mobile clients.
- We are not sure in what scenarios we can use it. Maybe a simple web app with SPA + mobile client is a good fit to avoid our own JWT token provider and custom auth endpoints
Awesome, thank you for your content ! I learned a lot :D finally i choosed C# over java lol.. im loving net for your content
thanks! you deserve many more subscribers!
Why are they injecting IServiceProvider and then manually resolving dependencies like UserManager, instead of just injecting it via method arguments like [FromServices] UserManager?
Thanks for this usefull insight!
Keep producing your valuable content!
I posit that we are, quite conceivably, an exclusive duo amidst the global populous, electing to utilize the light theme for our Integrated Development Environments, a choice seemingly eschewed by the majority.
Hey Raw Coding,
I work with the stack Nextjs as frontend / bff backend and dotnet as the backend
would the nextjs bff comunicating with the dotnet via bearer and keeping this bearer in a secure cookie token make a better security for the token?
Just use cookies
@zeuga6111 do you use CORS when connecting your C# backend to Next JS front end or do you use BFF?
They should make it the Identity API easier and remove the existing bloat so that developer write these handlers themselves and be able to customize it for any special case
They can’t remove - otherwise it’s breaking changes. Introducing new packages means people have to rewrite.
It’s a sticky situation you have to get it right the 1st time.
will those endpoints for login and register show in swagger? maybe we can override it or if your app have the same endpoints it ignore the built it one?
Aye that’s a good point I think it will actually show up in swagger since it’s just another endpoint on the minimal api
They do!
Not directly related and maybe you've discussed this topic in other contexts that I've missed, but curious what IDE or editor you're using here and how it compares to visual studio.
Rider and I think it’s miles better
JetBrains Rider. There are a few things it's missing(some integrations with Roslyn, like Diagnostic Suppressors), but other than that it loads way faster, has better IntelliSense, more extensible, and is a lot cheaper than a Visual Studio license.
Oh, and it's cross platform(Mac, Linux, and Windows) unlike Visual Studio which is just on Windows
In what aspects is this different from old Identity Framework? Seems exactly what everyone was doing a few years ago before the jump to IdentityServer and its subsequent demise.
Do you have statistics for the average number of minutes watched on this video? Guess most of us got conjunctivitis at 0:33
holly shit my eyes, why are you using light theme
So you’d have something to complain about
Summer is a good time to not work at night😂
@@RawCoding Replies like these ain't the way you wanna go if you want to gain subscribers.
@@OeHomestead could you elaborate what I could've answered with please
Ok is there a simplification of JWT usage?
You can disable /Account/Login redirect via header? Can you post link to the docs/your video where you mention this?
No link to docs but you can have the source code )
github.com/dotnet/aspnetcore/blob/240377059ec25b4d9d86d4188a26722e55edc5a1/src/Security/Authentication/Cookies/src/CookieAuthenticationEvents.cs#L44
@@RawCoding Thanks!
this might be too late but you can just override the behavior of the .OnRedirectToLogin event:
.AddCookie("your_scheme", o =>
{
o.Events.OnRedirectToLogin = rc =>
{
rc.Response.StatusCode = StatusCodes.Status401Unauthorized;
return Task.CompletedTask;
};
// you might also wanna override this:
o.Events.OnRedirectToAccessDenied = rc =>
{
rc.Response.StatusCode = StatusCodes.Status403Forbidden;
return Task.CompletedTask;
};
});
How to do client certificate base authentication in .NET 8
IdentityUser, SignInManager, Result.SignIn, HttpContext.SignIn... I don't know how you do it man... Either I'm dumb, or auth in Net is an utter shitshow...
2nd
@RawCoding I think with Minimal APIs you cannot handle FormPosts not even on your own endpoint, period.
You can via HttpRequest and then reading the body. And I think support for FromForm is actually coming in net 8
Form binding is supported for minimal APIs in .NET 8
Dot net 8 final is released on Nov 14 now make vedios bro
Awesome video, thanks! Could you make a video showing how to use Azure Ad authentication (with the AddMicrosoftIdentityWebAppAuthentication method) in a container running without TLS certificate? There is a problem that the app sets the redirect url as .., and that is not allowed as a callbackpath in Azure App Registration.. And if I set the redirect url manually by using the following code I get a correlation error in some authentication handler that I'm not smart enought to debug.. Any advice or chance for a video? 🙂
builder.Services.Configure(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SaveTokens = true;
options.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = ctx =>
{
if (ctx.ProtocolMessage.RedirectUri.Contains("https") is false)
{
ctx.ProtocolMessage.RedirectUri = ctx.ProtocolMessage.RedirectUri.Replace("http", "https");
}
return Task.CompletedTask;
}
};
});
please update that browser, the poor guy
Let him suffer
hi, hello I have a comment related identity server on other video please have look and response
Link
.AddIdentityBearerToken has already disappeared ! in Preview 7
Sadtimes