Это видео недоступно.
Сожалеем об этом.
JWT tokens, Refresh tokens and role management in dot net core API | Signup & login in dot net apis
HTML-код
- Опубликовано: 14 авг 2024
- #devravindra #ravindradevrani #dotnet6 #refreshtoken #jwtindotnetcore
It is a tutorial about creating dot net 6 web apis with jwt authentication, refresh tokens
and role-base authorization in .net 6. We will implement login, signup and change password module with the help of asp.net core identity. We will implement the functionality of refresh tokens in dot net core 6 apis. So that we can maintain login sessions for longer period of time.
source code: github.com/rd0...
Implementation of these apis with angular: • Angular login with jwt...
Source code of angular auth project: github.com/rd0...
...............................
windows hosting bundle installer:
dotnet.microso...
................................................
You can follow me
Twitter: / ravi_devrani
GitHub: github.com/rd003
RUclips: / @ravindradevrani
......................... ....................................
Little bit of modification in project..you can also check it in github repo(link in description)
add this line "ClockSkew = TimeSpan.Zero" in programin.cs file
here is the section i am talking about
// Adding Jwt Bearer
.AddJwtBearer(options =>
{
options.SaveToken = true;
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidateAudience = true,
ValidAudience = builder.Configuration["JWT:ValidAudience"],
ValidIssuer = builder.Configuration["JWT:ValidIssuer"],
ClockSkew = TimeSpan.Zero, //it is the line you have to add
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["JWT:Secret"]))
};
});
tried this, working as expected. so is there any other authentication methods with jwt?
No idea
Can you make a video on angular best practices
Wright now i m working on a project with dot net 6 mvc...
After that i will definitely make something with angular and node/dot net core..which will be more meaningful..
By the what do you exactly mean by best practices..
Right now i m also confused that..should i use authentication with my new projects or not... Because alone authentication takes too much time...
very helpful, Specially u share the code it reduce the time, plz consider one thing wheneva u write code plz explain it whats going on, and why we using this... this will more help to new developers. Thanks again
Thanks for your valuable inputs. I can't grow If I don't know the problem. Sorry for the inconvenience.
I got this complain a lot, this video is not properly explained. I was new to making videos that time. Now I understood what viewers needed.
I thought to recreate it, but it is a very time-consuming task, specially covering refresh tokens and role mgt. So I have avoided to recreate it.
I keep your valuable inputs in mind.
Thank you, could you make a video on how to upload images to the server and be able to put them in a carousel, please😀
Nice Video
So, the refresh token is only used to check if the client sends the correct combination of Access Token + Refresh Token
awasome i become master coder now thnks sir!!!
Sure... You will definitely
This project is configured to use ssl. To avoid ssl certificate warnings in the browser you can choose to trust self signed certificate. How to solve this problem
Good one more post
Great content. The only thing I would do next time is add more explanation on what you are doing. You seem to be copying code from somewhere else and pasting into the application, but giving no explanation on what it is for.
Thanks.
These suggestions are very helpful. It helps me to improve.
Now days, I am trying to explain things more.
Actually, I make prototype first, from there I was copying code. I was trying to save some time. I guess I got more confusing.
i had done all the process, but im seeing issue when the "ACCESS TOKEN" expire (i put toke expire in 1minute), we can still able to access the protected route why so. after some time like 5minutes its saying token expired.
thanks for noticing problem..
it happening because minimum value for expiration is set to 5 minutes by default..as what i found in stack overflow..
add this line "ClockSkew = TimeSpan.Zero" in programin.cs file
here is the section i am talking about
// Adding Jwt Bearer
.AddJwtBearer(options =>
{
options.SaveToken = true;
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidateAudience = true,
ValidAudience = builder.Configuration["JWT:ValidAudience"],
ValidIssuer = builder.Configuration["JWT:ValidIssuer"],
ClockSkew = TimeSpan.Zero,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["JWT:Secret"]))
};
});
I have updated the source code in github repos..you can check it...
let me know..if it has solved or not
How to use this api in client side using HttpClient how to implement that refresh token ? Like consume and call that token for login, roles and authorization when user call action to hit the data with refresh token authorization
Actually i have some content where i have implemented these apis. But in blazor I haven't applied refresh tokens, i have implemented all of this functionality with refresh token in angular..
Links are below
Blazor wasm auth without refresh tokens:
ruclips.net/video/erzpa0mTtRY/видео.html
Angular auth with refresh tokens: ruclips.net/video/upLBZnj-_fw/видео.html
Same angular as well
ruclips.net/video/upLBZnj-_fw/видео.html
Hello Ravindra sir. Thanks for this video. But I have requirement that I have to develop project in .net core. For that i was planning to use .net core 8 web API that communicate with database and next as a front end I also want to use .net core only. I want to make it api based but in .net core front end as well because in our office environment we don't use front end tool like angular, react etc... So can you please suggest me how to start . I don't want to use entity framework. Dapper will be used. SHA 256 and JWT token based authentication will be used. Your positive suggestion will be highly appreciated. I watched your video but you have used entity framework along with jwt token in this video.
I don't understand.
What are you planning? .net apis + next js.
Or . net core mvc?
@@ravindradevrani .net cor api + .net core mvc
why do you wan't to use .net core api + .net core mvc.
It makes no sense. Api's are useful if you also have mobile application.
Otherwise, alone .net core mvc can do the job.
If you are not using entity framework.
Then you need third party authentication system which is more secure and comes with pricing.
For .net core apis use Okta auth0 or azure active directory Jwt authentication
For .net core mvc app use Okta auth0 or azure active directory authentication that comes with UI.
Both authentication comes with free tier and pay as you need kind of package.
Ony content available in my channel is okta auth0 mvc authentication (ruclips.net/video/JxIhMgJKqqQ/видео.html)
@@ravindradevrani Actually currently mobile app is not required. But if required later then this API will get in use. Or if later we shift to angular as a front end then this API needs not to be written again. That's why we want api as a separate project and .net core mvc as front end as of now. Because these are government projects and govt. don't accept private or third party free services.
@@ravindradevrani ok thanks for valuable suggestions.
In github also u posted same code with error i tried to execute it has error
Sorry, but in my experience there is not any error in code.
Can you give me the timestamp of video, where you are getting the error.
If you are cloning the github repo, make sure to remove migration files from the project.
Change the connection string.
Run your migration commands.
Register the user,
Then try to login.
sir how to use this api for front end like using mvc
U can certainly use this api in mvc. That would be quite a task.
I don't think it is a good fit for mvc app.
Use cookie based authentication for mvc.
U can check this video
ruclips.net/video/xhCstGA9WVI/видео.html
Very good content Thank you Ravindra but I had problems in Postman and want to solve it but it gives error 207 in postman when I am trying to register in postman there is message invalid username and status code 0 I thought that it's maybe of method in authorization class that if I have that message that means that I have that user but then I tryed to Login and than I catch Error Number:207,State:1,Class:16 in Postman.I can not find solving in Internet have you any imagination how can I solve it.
P.S.
Sorry for disturbing.
Are you sure it's a problem in postman..
Have you tried to debug the register method and look for the actual exception at catch block..in that way you can look into acutal problem.
If you put a break point in a method, and you are reaching to that, it means there is not a problem in postman.
@@ravindradevrani I tried to check the real problem in code and I found that my connection string was written for MySql database but the new users was added in Sql Express iI think maybe problem is that do you have any imagination for solving it?
P.S.
Thank you for quick answer.
sorry i have no idea..
I guess identity works with sql sever only.
Try to change the connection string from MySQL to sql sever for identity core (user mgt section).
@@ravindradevrani Thank you very much Ravindra that's no matter it will work or no i appreciate you for your loyalty to your job i wish to you your channel and your career to develop more and more thank you very much for trying to help.
@GP_-jb2jj thanks...
But it would be great if i could help... I will to search it.
How can I logout?
There should be a logout method
it was very confusing as a fresher
My appologies.
You could be do more easier it is very complicate and every thing u have pasted and even though it has error u have continued better u could be do easier way
Yeah, everything i have pasted. Sorry for inconvenience. And thank for advise.
And it doesn't not have at my machine. I have used these api for so many demo, like angular auth, blazor auth.
You can see, at the end of video everything is working fine..
If you are getting error, post the time stamp of video where you are stuck.
Post the error message and section where you are getting error.
your video very helpful .Thank you very much !
👍