I had to watch this video a couple of times and read differets documentatons on this subject. But now, days later, I've finally understood! Many thanks!
At 9:15, i totally got the roles and policy concepts, i immediately git pull the solution, tested and understood, code is nice and clean. i was looking for this, and this really really helped, thanks.
Great explaination! The diagrams showing the difference between role (binary) and claims (key/value) and how it's related to policy (permission) was really helpful.
Thank u vvvvery much!!!! I am a new programmer but there is few tutorial on this newest version of Asp.net core 2.2 MVC. I have just been confusing for a long time on what you made in this tutorial . It really helps!
Thank you very much. Can you also make a video on how to change the user claim after the user is logged in. Need a flexibility to refresh the claims of the user without asking him to log out and login again.
@@RawCoding Thanks for your suggestion. I tried the IClaimsTransformation earlier. The modified claims under TransformAsync works only for the current controller and doesn't work when redirecting to another controller. I'm using cookie authentication in .Net Core 3.1. Do I need to do anything additionally for IClaimsTransformation to work for subsequent requests to work with new claims.
Hello, thanks for the tutorial. I want to ask you : what's the difference between a claim and any other field in the user table (if we extends IdentityUser table) thank you.
I know this is an old video, but this one was one of the better once on the subject. Something clicked when you described policies as functions, which made me wonder about a scenario. If you have a Blog site and want to limit the amount of blogs a user can create, would you use a claim with a policy to check if the max limit has been reached on CreateNewBlog action (get/post) ? OR would you do something simpler like checking the DB when the user is inside the CreateNewBlog action ?
Thank you, and you'd check the db no need to store it as claim. And in my auth series, (episode 3 or 4 I think) I explain how dotnet core provides resource based authorization.
@@RawCoding Amazing! I hope i can repay the time and effort you put into your educational content, just got to get that full stack job. thx again and have a wonderful weekend my man.
Roles are required: a) admin has access functions b) not admin has no access to functions Claim = Role + other business rules (complicated authorization) a) admin + 5 years employee has access functions Policy : use Claim to apply the authorization, which could make claim easy to be coded
I think you understand Roles correctly. Claims are not specific to Authorization but rather they define a user, You can then take a step to use the user definition to apply authorization using policies. Hope this helps.
Hi. I have a question about "YearWorkedFilter" class in "YearsWorkedAttribute.cs" file. how Year property get value? in constructor, there is a [ Years = years; ] but how we get years at all?
at 13:33 you can see we pass the value in the constructor (therse no 'new' keyword), github.com/T0shik/rolesvsclaimsvspolicy/blob/master/Claims/PolicyHandlers/YearsWorkedHandler.cs here's the class you can see we set year to Year.
Hi man, In the new ASP.NET CORE the parameter of the controller can seem to read the Json object from the body of POST REQUEST from postman or nightingale Did you recently encounter this before ?
If the http method is POST and the body of the request contains text that happens to be json, the dotnet core [FromBody] attribute will try to model bind that json to your model. It doesn't matter where the request is coming from. This has been working since v1 I think.
Please redo this presentation. I've only found your channel a few days ago and I've watched many of your presentations. Wow! You have one of the most well articulated and thought-out set of videos but this one got away from you. You are all over the place. Although I understood the content and it made sense, I personally have struggled with staying focused. It was as if you were uncertain, disconnected, or at best you were forced into doing this video and didn’t want to. It very much seamed like you were an amateur that you are most certainly not! I am a loyal fan now, but not of this particular production.
Oh man I disliked because of the first seconds You deal with nervous viewers because they have problems to solve. They need something clear, organized, and formal, not this low American behavior.
Nervous viewers? You come to this video when you have time to study not when it’s crunch time. And low American behaviour? Seriously? Sorry high and mighty Ahmed’s Tutorials.
So this is to uphold the “technical ideology” standards for witch you’ve invented yourself. Not saying this video is done to a high standard but a lot of good educational content is fitted with silly jokes.
UPDATED VIDEO: ruclips.net/video/W5T6713KRzg/видео.html
Best intro lol
Rhank you, I try my best ))
Very original. Really liked it. Keep up the good work good dude.
Thanks) glad you liked it
comment just for pay respect) Thank you for the video!
Thank you for watching)
I was immediately hooked once I heard that intro track!
I had to watch this video a couple of times and read differets documentatons on this subject. But now, days later, I've finally understood! Many thanks!
Glad you got it! Nice avatar as well )
@@RawCoding I see you are a man of culture
At 9:15, i totally got the roles and policy concepts, i immediately git pull the solution, tested and understood, code is nice and clean.
i was looking for this, and this really really helped, thanks.
Awesome!
Great explaination! The diagrams showing the difference between role (binary) and claims (key/value) and how it's related to policy (permission) was really helpful.
Very informative. Love the intro 😂
Thank you )
Thank you, man! Finally I’ve got it. Msdn documentation doesn’t make it clear, and you do.
Awesome!
SuperB! nice abstraction demonstration :)
Cheers
the grand entry was awesome :)
Thank u vvvvery much!!!! I am a new programmer but there is few tutorial on this newest version of Asp.net core 2.2 MVC. I have just been confusing for a long time on what you made in this tutorial . It really helps!
Glad I could help!
Awesome tutorial. Really clears up things. Thank you...
Thank you for watching
I gave my like in the first second of the video. Great intro
Hehe I tried ;)
Best video, thanks a lot I could finally understand these 3!
Thank you!
very awesome video... thanks man..!!
Intro sound effects are Hollywood level
hahaha :D
Great explanation as well
Thank you :)
Great video!
best start :)
Ta
Good intro!
Hehe
Brilliant! Well done, thanks!
Cheers!
Thank you very much. Can you also make a video on how to change the user claim after the user is logged in. Need a flexibility to refresh the claims of the user without asking him to log out and login again.
Use IClaimsTransformer
@@RawCoding Thanks for your suggestion. I tried the IClaimsTransformation earlier. The modified claims under TransformAsync works only for the current controller and doesn't work when redirecting to another controller. I'm using cookie authentication in .Net Core 3.1. Do I need to do anything additionally for IClaimsTransformation to work for subsequent requests to work with new claims.
Watch episode 3 or 4 of my auth series I explain how to use it there.
Impressive!!!! thanks for the video
Glad you enjoyed it!
Thanks very much.
Thank you for watching
Hello, thanks for the tutorial.
I want to ask you : what's the difference between a claim and any other field in the user table (if we extends IdentityUser table) thank you.
Claim goes in the ClaimsPrincipal object, the others are just properties on the User object
I got it thanks, I should've finished the video before asking the question. Great content, thank you
great tutorial, thank you!
Glad you enjoyed it))
Hello great tutorial, but quick question IAuthorization filter to validate claim for controller, but does it validate TokenValidationParameters?
Don’t know
I know this is an old video, but this one was one of the better once on the subject. Something clicked when you described policies as functions, which made me wonder about a scenario.
If you have a Blog site and want to limit the amount of blogs a user can create, would you use a claim with a policy to check if the max limit has been reached on CreateNewBlog action (get/post) ? OR would you do something simpler like checking the DB when the user is inside the CreateNewBlog action ?
Thank you, and you'd check the db no need to store it as claim. And in my auth series, (episode 3 or 4 I think) I explain how dotnet core provides resource based authorization.
@@RawCoding Amazing! I hope i can repay the time and effort you put into your educational content, just got to get that full stack job. thx again and have a wonderful weekend my man.
@@martink4975 thank you man, don't forget to wash your hands
best intro ever
Roles are required:
a) admin has access functions
b) not admin has no access to functions
Claim = Role + other business rules (complicated authorization)
a) admin + 5 years employee has access functions
Policy : use Claim to apply the authorization, which could make claim easy to be coded
Is this a good way to understand it? If authorization is complicated, role will be chosen and without policy?
I think you understand Roles correctly.
Claims are not specific to Authorization but rather they define a user, You can then take a step to use the user definition to apply authorization using policies.
Hope this helps.
Hi. I have a question about "YearWorkedFilter" class in "YearsWorkedAttribute.cs" file. how Year property get value? in constructor, there is a [ Years = years; ] but how we get years at all?
at 13:33 you can see we pass the value in the constructor (therse no 'new' keyword), github.com/T0shik/rolesvsclaimsvspolicy/blob/master/Claims/PolicyHandlers/YearsWorkedHandler.cs here's the class you can see we set year to Year.
IsAdmin claim vs Admin role… I still don’t have a clue what the pros and cons are and what situation each might be best used in…
Claims describe a user, Roles are just claims with an extra layer. So just use claims really
Nice vídeo, Nice Channel. Alrewdy subscribed
Thank you! Don't forget to join the discord server!
Thumbs up for the intro
Haha :D
Hi man, In the new ASP.NET CORE
the parameter of the controller can seem to read the Json object from the body of POST REQUEST from postman or nightingale
Did you recently encounter this before ?
If the http method is POST and the body of the request contains text that happens to be json, the dotnet core [FromBody] attribute will try to model bind that json to your model. It doesn't matter where the request is coming from. This has been working since v1 I think.
@@RawCoding I fixed it, turn out I remove the object and just throw the attributes to it and it automatically work. I have struggle all day with it
Good job.
Good video
Cheers
Intro sound great.
Hahha still cracks me up
awesome!
cheers
Please redo this presentation. I've only found your channel a few days ago and I've watched many of your presentations. Wow! You have one of the most well articulated and thought-out set of videos but this one got away from you. You are all over the place. Although I understood the content and it made sense, I personally have struggled with staying focused. It was as if you were uncertain, disconnected, or at best you were forced into doing this video and didn’t want to. It very much seamed like you were an amateur that you are most certainly not! I am a loyal fan now, but not of this particular production.
Good shout I’ll remake it, thank you.
video will be up next week.
Nice intro bro!
haha thank you
love the them song:D
Hehe
dope intro
Haha cheers
Thanks
Thank you for watching
thank you . if i create new role on runtime , how i can give this new role permission on specefic method at runtime.
It's a complicated thing to make, I can't explain in a comment.
@@RawCoding thank you ,do you know vedio explain this ?
@@mohammadkheder8994 No, it takes time and skill to properly implement what you are asking for.
If you weren't scrolling like a maniac when showing the code, I would know what's in it.
lol, gotta go fast man! source code is available :)
intro gave me superpowers. and a slight headache =)
Hahaha well balanced
Where is the git repository?
Thank you for watching the video, link to the git repo is in the description
God damn nice intro kkk
))
😘😘 your intro...
Can u tell me whats the password for the admin ?
Always password
i hope ill find a video on third party accounts by you
Hey what do you mean third party accounts? You mean external authentication?
@@RawCoding yes OAuth facebook,twitter etc
@@sammygimnyigei yes I. Will be covering that including identity server.
@@RawCoding imm looking forward to it
Congratulate everyone who come across this video.
Thank you everyone for watching!
A like for the intro 🤣🤣🤣🤣🤣
Eyyy
Hi...just advice...i'm from asia..my english is not that good..so please talk slowly and using easy vocabulary on the next video...🙏🙏🙏
Apologies
Like for first 10 seconds
Haha thanks =)
Could you please give me this code. I need it for a school project.
Did you check the description?
the video image is too poor, you need to fix it more
Fix more
I've learned a lot from you videos. Thanks.
But this one is you worst video sorry.
Oh yea it was made long time agon
The into hhhhhhhhhhhhhhhhhhh
downvoted due to intro.
Sad you feel that way
Oh man I disliked because of the first seconds
You deal with nervous viewers because they have problems to solve. They need something clear, organized, and formal, not this low American behavior.
Nervous viewers? You come to this video when you have time to study not when it’s crunch time. And low American behaviour? Seriously? Sorry high and mighty Ahmed’s Tutorials.
it's not about me and whether i have time or not this is supposed to be technical video and its intro is not this is it
So this is to uphold the “technical ideology” standards for witch you’ve invented yourself. Not saying this video is done to a high standard but a lot of good educational content is fitted with silly jokes.