At 9:15, i totally got the roles and policy concepts, i immediately git pull the solution, tested and understood, code is nice and clean. i was looking for this, and this really really helped, thanks.
Great explaination! The diagrams showing the difference between role (binary) and claims (key/value) and how it's related to policy (permission) was really helpful.
I had to watch this video a couple of times and read differets documentatons on this subject. But now, days later, I've finally understood! Many thanks!
Thank u vvvvery much!!!! I am a new programmer but there is few tutorial on this newest version of Asp.net core 2.2 MVC. I have just been confusing for a long time on what you made in this tutorial . It really helps!
Roles are required: a) admin has access functions b) not admin has no access to functions Claim = Role + other business rules (complicated authorization) a) admin + 5 years employee has access functions Policy : use Claim to apply the authorization, which could make claim easy to be coded
I think you understand Roles correctly. Claims are not specific to Authorization but rather they define a user, You can then take a step to use the user definition to apply authorization using policies. Hope this helps.
Thank you very much. Can you also make a video on how to change the user claim after the user is logged in. Need a flexibility to refresh the claims of the user without asking him to log out and login again.
@@RawCoding Thanks for your suggestion. I tried the IClaimsTransformation earlier. The modified claims under TransformAsync works only for the current controller and doesn't work when redirecting to another controller. I'm using cookie authentication in .Net Core 3.1. Do I need to do anything additionally for IClaimsTransformation to work for subsequent requests to work with new claims.
Hello, thanks for the tutorial. I want to ask you : what's the difference between a claim and any other field in the user table (if we extends IdentityUser table) thank you.
Hi. I have a question about "YearWorkedFilter" class in "YearsWorkedAttribute.cs" file. how Year property get value? in constructor, there is a [ Years = years; ] but how we get years at all?
at 13:33 you can see we pass the value in the constructor (therse no 'new' keyword), github.com/T0shik/rolesvsclaimsvspolicy/blob/master/Claims/PolicyHandlers/YearsWorkedHandler.cs here's the class you can see we set year to Year.
Hi man, In the new ASP.NET CORE the parameter of the controller can seem to read the Json object from the body of POST REQUEST from postman or nightingale Did you recently encounter this before ?
If the http method is POST and the body of the request contains text that happens to be json, the dotnet core [FromBody] attribute will try to model bind that json to your model. It doesn't matter where the request is coming from. This has been working since v1 I think.
Please redo this presentation. I've only found your channel a few days ago and I've watched many of your presentations. Wow! You have one of the most well articulated and thought-out set of videos but this one got away from you. You are all over the place. Although I understood the content and it made sense, I personally have struggled with staying focused. It was as if you were uncertain, disconnected, or at best you were forced into doing this video and didn’t want to. It very much seamed like you were an amateur that you are most certainly not! I am a loyal fan now, but not of this particular production.
I know this is an old video, but this one was one of the better once on the subject. Something clicked when you described policies as functions, which made me wonder about a scenario. If you have a Blog site and want to limit the amount of blogs a user can create, would you use a claim with a policy to check if the max limit has been reached on CreateNewBlog action (get/post) ? OR would you do something simpler like checking the DB when the user is inside the CreateNewBlog action ?
Thank you, and you'd check the db no need to store it as claim. And in my auth series, (episode 3 or 4 I think) I explain how dotnet core provides resource based authorization.
@@RawCoding Amazing! I hope i can repay the time and effort you put into your educational content, just got to get that full stack job. thx again and have a wonderful weekend my man.
Oh man I disliked because of the first seconds You deal with nervous viewers because they have problems to solve. They need something clear, organized, and formal, not this low American behavior.
Nervous viewers? You come to this video when you have time to study not when it’s crunch time. And low American behaviour? Seriously? Sorry high and mighty Ahmed’s Tutorials.
So this is to uphold the “technical ideology” standards for witch you’ve invented yourself. Not saying this video is done to a high standard but a lot of good educational content is fitted with silly jokes.
UPDATED VIDEO: ruclips.net/video/W5T6713KRzg/видео.html
At 9:15, i totally got the roles and policy concepts, i immediately git pull the solution, tested and understood, code is nice and clean.
i was looking for this, and this really really helped, thanks.
Awesome!
Best intro lol
Rhank you, I try my best ))
Very original. Really liked it. Keep up the good work good dude.
Thanks) glad you liked it
comment just for pay respect) Thank you for the video!
Thank you for watching)
Great explaination! The diagrams showing the difference between role (binary) and claims (key/value) and how it's related to policy (permission) was really helpful.
I had to watch this video a couple of times and read differets documentatons on this subject. But now, days later, I've finally understood! Many thanks!
Glad you got it! Nice avatar as well )
@@RawCoding I see you are a man of culture
Very informative. Love the intro 😂
Thank you )
Thank you, man! Finally I’ve got it. Msdn documentation doesn’t make it clear, and you do.
Awesome!
Awesome tutorial. Really clears up things. Thank you...
Thank you for watching
SuperB! nice abstraction demonstration :)
Cheers
Thank u vvvvery much!!!! I am a new programmer but there is few tutorial on this newest version of Asp.net core 2.2 MVC. I have just been confusing for a long time on what you made in this tutorial . It really helps!
Glad I could help!
I gave my like in the first second of the video. Great intro
Hehe I tried ;)
the grand entry was awesome :)
best intro ever
Great explanation as well
Thank you :)
I was immediately hooked once I heard that intro track!
Intro sound effects are Hollywood level
hahaha :D
Best video, thanks a lot I could finally understand these 3!
Thank you!
Good intro!
Hehe
Great video!
best start :)
Ta
Roles are required:
a) admin has access functions
b) not admin has no access to functions
Claim = Role + other business rules (complicated authorization)
a) admin + 5 years employee has access functions
Policy : use Claim to apply the authorization, which could make claim easy to be coded
Is this a good way to understand it? If authorization is complicated, role will be chosen and without policy?
I think you understand Roles correctly.
Claims are not specific to Authorization but rather they define a user, You can then take a step to use the user definition to apply authorization using policies.
Hope this helps.
Thanks very much.
Thank you for watching
very awesome video... thanks man..!!
Brilliant! Well done, thanks!
Cheers!
Impressive!!!! thanks for the video
Glad you enjoyed it!
Thank you very much. Can you also make a video on how to change the user claim after the user is logged in. Need a flexibility to refresh the claims of the user without asking him to log out and login again.
Use IClaimsTransformer
@@RawCoding Thanks for your suggestion. I tried the IClaimsTransformation earlier. The modified claims under TransformAsync works only for the current controller and doesn't work when redirecting to another controller. I'm using cookie authentication in .Net Core 3.1. Do I need to do anything additionally for IClaimsTransformation to work for subsequent requests to work with new claims.
Watch episode 3 or 4 of my auth series I explain how to use it there.
Thumbs up for the intro
Haha :D
Nice intro bro!
haha thank you
awesome!
cheers
Intro sound great.
Hahha still cracks me up
great tutorial, thank you!
Glad you enjoyed it))
Nice vídeo, Nice Channel. Alrewdy subscribed
Thank you! Don't forget to join the discord server!
Good video
Cheers
dope intro
Haha cheers
love the them song:D
Hehe
Hello great tutorial, but quick question IAuthorization filter to validate claim for controller, but does it validate TokenValidationParameters?
Don’t know
Hello, thanks for the tutorial.
I want to ask you : what's the difference between a claim and any other field in the user table (if we extends IdentityUser table) thank you.
Claim goes in the ClaimsPrincipal object, the others are just properties on the User object
I got it thanks, I should've finished the video before asking the question. Great content, thank you
Thanks
Thank you for watching
Hi. I have a question about "YearWorkedFilter" class in "YearsWorkedAttribute.cs" file. how Year property get value? in constructor, there is a [ Years = years; ] but how we get years at all?
at 13:33 you can see we pass the value in the constructor (therse no 'new' keyword), github.com/T0shik/rolesvsclaimsvspolicy/blob/master/Claims/PolicyHandlers/YearsWorkedHandler.cs here's the class you can see we set year to Year.
IsAdmin claim vs Admin role… I still don’t have a clue what the pros and cons are and what situation each might be best used in…
Claims describe a user, Roles are just claims with an extra layer. So just use claims really
Hi man, In the new ASP.NET CORE
the parameter of the controller can seem to read the Json object from the body of POST REQUEST from postman or nightingale
Did you recently encounter this before ?
If the http method is POST and the body of the request contains text that happens to be json, the dotnet core [FromBody] attribute will try to model bind that json to your model. It doesn't matter where the request is coming from. This has been working since v1 I think.
@@RawCoding I fixed it, turn out I remove the object and just throw the attributes to it and it automatically work. I have struggle all day with it
Good job.
Please redo this presentation. I've only found your channel a few days ago and I've watched many of your presentations. Wow! You have one of the most well articulated and thought-out set of videos but this one got away from you. You are all over the place. Although I understood the content and it made sense, I personally have struggled with staying focused. It was as if you were uncertain, disconnected, or at best you were forced into doing this video and didn’t want to. It very much seamed like you were an amateur that you are most certainly not! I am a loyal fan now, but not of this particular production.
Good shout I’ll remake it, thank you.
video will be up next week.
I know this is an old video, but this one was one of the better once on the subject. Something clicked when you described policies as functions, which made me wonder about a scenario.
If you have a Blog site and want to limit the amount of blogs a user can create, would you use a claim with a policy to check if the max limit has been reached on CreateNewBlog action (get/post) ? OR would you do something simpler like checking the DB when the user is inside the CreateNewBlog action ?
Thank you, and you'd check the db no need to store it as claim. And in my auth series, (episode 3 or 4 I think) I explain how dotnet core provides resource based authorization.
@@RawCoding Amazing! I hope i can repay the time and effort you put into your educational content, just got to get that full stack job. thx again and have a wonderful weekend my man.
@@martink4975 thank you man, don't forget to wash your hands
intro gave me superpowers. and a slight headache =)
Hahaha well balanced
If you weren't scrolling like a maniac when showing the code, I would know what's in it.
lol, gotta go fast man! source code is available :)
😘😘 your intro...
thank you . if i create new role on runtime , how i can give this new role permission on specefic method at runtime.
It's a complicated thing to make, I can't explain in a comment.
@@RawCoding thank you ,do you know vedio explain this ?
@@mohammadkheder8994 No, it takes time and skill to properly implement what you are asking for.
God damn nice intro kkk
))
Where is the git repository?
Thank you for watching the video, link to the git repo is in the description
Can u tell me whats the password for the admin ?
Always password
A like for the intro 🤣🤣🤣🤣🤣
Eyyy
Like for first 10 seconds
Haha thanks =)
Congratulate everyone who come across this video.
Thank you everyone for watching!
i hope ill find a video on third party accounts by you
Hey what do you mean third party accounts? You mean external authentication?
@@RawCoding yes OAuth facebook,twitter etc
@@sammygimnyigei yes I. Will be covering that including identity server.
@@RawCoding imm looking forward to it
Hi...just advice...i'm from asia..my english is not that good..so please talk slowly and using easy vocabulary on the next video...🙏🙏🙏
Apologies
the video image is too poor, you need to fix it more
Fix more
Could you please give me this code. I need it for a school project.
Did you check the description?
I've learned a lot from you videos. Thanks.
But this one is you worst video sorry.
Oh yea it was made long time agon
The into hhhhhhhhhhhhhhhhhhh
downvoted due to intro.
Sad you feel that way
Oh man I disliked because of the first seconds
You deal with nervous viewers because they have problems to solve. They need something clear, organized, and formal, not this low American behavior.
Nervous viewers? You come to this video when you have time to study not when it’s crunch time. And low American behaviour? Seriously? Sorry high and mighty Ahmed’s Tutorials.
it's not about me and whether i have time or not this is supposed to be technical video and its intro is not this is it
So this is to uphold the “technical ideology” standards for witch you’ve invented yourself. Not saying this video is done to a high standard but a lot of good educational content is fitted with silly jokes.