Master Claims Transformation for Flexible JWT Auth in ASP.NET Core

Поделиться
HTML-код
  • Опубликовано: 23 ноя 2024

Комментарии • 46

  • @MilanJovanovicTech
    @MilanJovanovicTech  5 месяцев назад +1

    Want to master Clean Architecture? Go here: bit.ly/3PupkOJ
    Want to unlock Modular Monoliths? Go here: bit.ly/3SXlzSt

  • @Cesar-qi2jb
    @Cesar-qi2jb 5 месяцев назад

    All your videos are right on time 🤩
    We use Microsoft Entra ID for authentication. However, we plan on building our own access control API and make use of claims transformations. We use Redis as cache.

    • @MilanJovanovicTech
      @MilanJovanovicTech  5 месяцев назад

      I think this will be a great fit for your use case. Will you use Roles/Permissions, Policies?

    • @Cesar-qi2jb
      @Cesar-qi2jb 5 месяцев назад +1

      @@MilanJovanovicTech Policy-based authorization with permissions.
      Roles and Groups would be managed by our Access Control API.

  • @ulvidemirsoy2558
    @ulvidemirsoy2558 Месяц назад

    Great work, what is the advantages compared to adding claims directly into jwt?

  • @maacpiash
    @maacpiash 5 месяцев назад

    Great video. I just have one question: if I need to access the database in the claims transformation process, where should I do it? In the implementation of IClaimsTransformation interface, or in the permission provider class?

    • @MilanJovanovicTech
      @MilanJovanovicTech  5 месяцев назад +1

      It's all the same. I'd put that in a service that I will resolve from the IClaimTransformation impl.

    • @orlandomco
      @orlandomco 5 месяцев назад +2

      He stated at 6:28 that you could replace GetSubscription with an API or Database call.

  • @baudeejay8592
    @baudeejay8592 5 месяцев назад

    Inventory management with redis. I like you with it

  • @vamvdotnet
    @vamvdotnet 5 месяцев назад +1

    Excellent video! I learned a lot from you today :)

  • @EvekoShadow
    @EvekoShadow 5 месяцев назад

    Does this work well with dynamic claims? Let’s say a CreateOrder Claim but said user can only create them for his department

    • @MilanJovanovicTech
      @MilanJovanovicTech  5 месяцев назад

      I think you'd need to have auth in the use case as well

    • @EvekoShadow
      @EvekoShadow 5 месяцев назад

      I would love to have middleware that can consume the first part of a url param to determine authorization… api/{departmentid}/{createorder}, now we have to determine authorization in endpoint itself.

    • @MilanJovanovicTech
      @MilanJovanovicTech  5 месяцев назад

      @@EvekoShadow That's resource-based authorization, which is a bit different.

  • @HelloWorld-th9vb
    @HelloWorld-th9vb 5 месяцев назад

    Great content as always 💯

  • @haroldpepete
    @haroldpepete 5 месяцев назад

    great video, but in this case the normal user has the same permission than a user with a standard plan, he or she just need to be registered, even tough it was a great concept, you take the CreateScope and GetRequiredSerrvice from my comment?

    • @MilanJovanovicTech
      @MilanJovanovicTech  5 месяцев назад

      It's a dummy example... The plan would be fetched from a database, for example.

    • @haroldpepete
      @haroldpepete 5 месяцев назад

      @@MilanJovanovicTech ok i got it, great video thank for sharing your knowledge with us, i really appreciate it

  • @abdulmoiz2086
    @abdulmoiz2086 5 месяцев назад

    interesting solution. the problem is that that this only works in a monolith.
    if you have 2 apis 1 .net and 1 python, then this logic will not work here. rather i think permissions should be part of the access token claims. in this way it won't matter what programming language I'm using, I'll be able to extract the permissions from the access token

    • @MilanJovanovicTech
      @MilanJovanovicTech  5 месяцев назад

      Or they can both run the same logic and get the claims? In fact, you can cache the results in a distributed cache so the other API doesn't have to do any work

  • @rusektor
    @rusektor 5 месяцев назад

    How does this differ from ClaimsPrincipalFactory?

  • @sunzhang-d9v
    @sunzhang-d9v 5 месяцев назад

    Sorry, but what should be stored in Infrastructure and Persistence?

    • @MilanJovanovicTech
      @MilanJovanovicTech  5 месяцев назад

      Check here: ruclips.net/video/TQdLgzVk2T8/видео.html

    • @sunzhang-d9v
      @sunzhang-d9v 5 месяцев назад

      @@MilanJovanovicTech There was nothing I needed

  • @sunzhang-d9v
    @sunzhang-d9v 5 месяцев назад

    我想知道 Infrastructure 和 Presentation 中应该存储哪些内容?

    • @MilanJovanovicTech
      @MilanJovanovicTech  5 месяцев назад

      Check this out: ruclips.net/video/TQdLgzVk2T8/видео.html

    • @sunzhang-d9v
      @sunzhang-d9v 5 месяцев назад

      @@MilanJovanovicTech Sorry, but what should be stored in Infrastructure and Persistence?

  • @SamFugarino
    @SamFugarino 5 месяцев назад

    Thanks Milan

  • @10Totti
    @10Totti 5 месяцев назад

    Thanks best video!

  • @Paul-uo9sv
    @Paul-uo9sv 5 месяцев назад

    Good video

  • @RaZziaN1
    @RaZziaN1 5 месяцев назад +3

    Really good video, except i dislike minimal api, but other than that great.

    • @MilanJovanovicTech
      @MilanJovanovicTech  5 месяцев назад

      Thanks. Why do you not like Minimal APIs?

    • @AhmarHusainn
      @AhmarHusainn 5 месяцев назад

      Its only about adapting to change😊

    • @rodilife
      @rodilife 3 месяца назад

      The setup process for using Minimal API in production is tiresome. It's either Controllers or FastEndpoints, one of the best libraries in the ecosystem right now. FastEnpoints is what minimal API’s should have been.

  • @amaechinaikechukwu8266
    @amaechinaikechukwu8266 5 месяцев назад

    I want to know as much as you