Thank you - this was perfect! I liked the fast pace and length of the tutorial. Your tutorial is uncluttered, clear, and to the point. Keep making more!
This is the best tutorial on JWT Authentication and Authorization I've ever seen so far, Thank you so much for your efforts.
Clear, crisp and quality teaching by saving the time too, great man!
Omg Bro, you're incredible. I tried to add this functionality for a very long time and nothing ended with success. But your video solved my problem just in 30 minutes. And one more thing, your English is very understandable for non-native speakers. Thank you a lot!
Thanks, really appreciate your feedback, happy it's been useful!
Great video, @Code with Julian. Well done.
In the Authenticate method in the LoginController class, there's no need to check for null. The Linq FirstOrDefault(...) will return null if the user with the conditions is not found, otherwise, it will return a user model.
Thank you for the video.
Bro this tutorial just saved me today, thanks so much, your calmness and pace of everything in the way you teach is excellent please keep it up
Complex matters explained with simplicity. Thank you for sharing your great work!
short, to the point, and a nice tutorial. Kudos to Jason and Elysse
Thanks for the feedback!
Just like a pro
Your tutorial is amazing, very much what I was looking for to create a production-level API with authentication, you explained stuff clearly, very detailed and well-explained and code is easy to follow without complexity and unnecessary filler codes that can be used as a template in corporate APIs. I've had paid subscriptions on Pluralsight and LinkedIn Learning, but the way you teach and this example topples most of the ones I've seen in those paid online courses where all they've done is pad their tutorials with unnecessary junk of codes to make it longer but pretty difficult to implement! I've subscribed and will definitely watch all your videos, thanks and keep it up!
Hey Brad! First of all, thank you very much for your kind words. I wish you guys would feel the same way I feel when you leave these nice comments. It truly brings joy and motivation to keep going!
Secondly, I'm happy that you've found this tutorial valuable, I try to cut the fluff as much as possible, without compromising on essential details on the subject.
Thank you again for your comment and I hope you have a great day!
It's the subject I've been looking for for a long time and the best resource I've found. Thanks...
Thanks so much Julian for making me understand this easily. Subscribed and will keep following updates here.
Thank you for the simple and effective explanation. I was really stuck on how to decode a JWT token to get user details, and didn't get any perfect solution for this problem. But you did a great job at this.
Glad the tutorial has been helpful to you! Thanks for sharing that!
Perfect explanation, straight to the point! Thank you
Thank you! Glad it's been helpful!
Just passed by that one and it was so straight-forward for me. Keep it up and thank you for such an awesome content
This is very well done, thank you so much for making this!
Thank you, Julian, very easy to understand.
If you are using .NET 6, add this to your program.cs file
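    // At the top of Program.cs (requires the Microsoft.AspNetCore.Authentication.JwtBearer package):
    using System.Text;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.IdentityModel.Tokens;

    // Register JWT bearer as the default authentication scheme.
    builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            // Reject tokens with the wrong issuer or audience, an expired lifetime, or a bad signature.
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = builder.Configuration["Jwt:Issuer"],
                ValidAudience = builder.Configuration["Jwt:Audience"],
                // The same symmetric key that signs the tokens, read from configuration.
                IssuerSigningKey = new SymmetricSecurityKey(
                    Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"])
                )
            };
        });

    var app = builder.Build();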
This was exactly what I needed. Great job. Look forward to more.
Thanks for the feedback! More to come shortly!
This is a great tutorial. Clear explanation and good examples. Thank you very much.
Thanks Sebastian! Happy it's been helpful!
This video was very helpful, thanks for this. Please continue to create more content.
I was looking for this for a long time. Watched tons of garbage. Finally I've found the exact video I was looking for. Every single thing I need is in the video. Thanks for sharing this useful tutorial.
Thanks for your feedback! I'm glad the tutorial was helpful to you.
you saved my graduate project
thank u
Simply Awesome. Thanks for creating awesome tutorial. Keep great work up.
Everything in one go, Thanks for the video.
Thanks for the feedback, glad it was helpful!
Thanks a lot for making this, it really helped me out!
Thank you. This was super helpful!
Thanks a lot, the way of your teaching is so clear and straightforward.
Brilliant Explanation you made this topic so simple by your explanation
Excellent tutorial, very precise. Thanks!
Glad you enjoyed it!
The best on YouTube that explains it. The examples of success and failings help a lot. Keep it up, sir.
Perfect, I will use it for my apprentices. Thanks a lot!
Nice one! Glad it's been useful!
Great Tutorial, you should post one where you refresh the tokens.
Thank you for the great tutorial!
Valuable lesson. Thanks Julian.
Thanks..... I've now created my first Web API thanks to you
Well done!
Hey Julian, thanks for this informative video. I appreciate your efforts to make this useful content. I liked how you explained all about JWT & authentication in steps.
Thanks and keep sharing.
Edit: I subscribed the channel. 😊
Thanks Julian, you're very clear and the video is very useful.
Thanks for the video. Good stuff!
Fantastic explanation Julian. Subscribed. Nice one, mate
Thanks for feedback! Happy it's been helpful!
Thank you so much …this tutorial helped me in my interview …
That's wonderful news! Hope you got the job 🥳
this is one of the best tech videos i've watched for a long time!
Thank you for your feedback! I'm happy it's been useful to you!
That was so helpful, thank you so much.
There is a very important point for the UseAuthentication method call. The calling order should be like this for .NET 5 and upper versions:
    app.UseAuthentication();
    app.UseRouting();
    app.UseAuthorization();
Otherwise you will continue to get a 401 error due to middleware execution order.
Thank you so much for this help !
Thank you so much for this comment
thanks a lot man. I was facing the 401 issue and I really worked so hard to fix it but I was unable to fix it. So lastly I start reading the comments and found urs. Thanks a lot 🎉
Thank you so much!
Amazing work. Thanks for the great explanation. May all your work succeed and shine bright.
Thanks for the kind words!
@Code With Julian Thanks for the video. This tutorial gave me an idea about JWT tokens implementation
Best tutorial on the subject, thank you bro
Thanks for your feedback!
Thank you - this was perfect!
Thanks Mesut! Really appreciate it!
Your video is very very useful , Thank you!
You are doing great work
Keep the good work goin brother
Simple and Neat explanation, Great Job
Thanks for this video!
Very clear and easy to understand. Thanks
You're welcome, thanks for the feedback!
You are so awesome. Thank you! This has been so helpful
Amazing Tutorial
Thank you very much! This is useful video
Nice, you explained necessary code
man, you are awesome. Thank you very much for this video. You are a hero that saved me a lot of time!
Glad I could help, thanks for the feedback!
Thanks, it is a clear teaching.
You're welcome, thanks for feedback!
Great tutorial. Loved it!
Thanks, glad to know that!
Thank you so much for your excellent tutorial 🖐😄
I'm glad it's proven useful!
It's a nice tutorial! Not too long, but very useful! Thanks. Subscribed.
Thanks for the feedback, much appreciated!
thank you so much for this tutorial!!
You're welcome, happy it's been helpful!
Excellent tutorial!!! My English is basic and I use the automatic translator provided by YouTube in Spanish, and it is really nice; this is because your audio is so good. Thanks :)!
Also because the code is understood regardless of the language in which you speak
Big up brother , its a great tutorial
Excellent Sir
doubts are cleared now
@@CodeWithJulian Kindly also share a real-world example for a .NET Core API
Awesome Awesome just awesome... Amazing video
Thank you so much 😀
Worked perfectly! some detailed explanation about JWT settings might have helped more in understanding internals
Great to hear! More JWT videos to come!
This was so precisely explained, well done. Thank You so much for this video. I have one question. If I want to make connection to Postgresql database with Visual Studio, what should I do?
wow amazing tutorial
in a word it is totally awesome
Thanks a lot for the feedback!
Thank you!
thank you so much 🙏
Well done! Super clear and to the point! Would you reckon it's a good idea to fetch the data from the Database based on the Username that's passed in with the claims when hitting "AdminsEndpoint"? For instance, let's say someone logged in, was assigned the JWT, and then tried to access their profile settings by entering the endpoint "MyProfile". Would this be a valid way of making sure that it's only accessing its own page?
Hi Payload thanks for the feedback, great channel by the way! This tutorial was to demonstrate how a JWT is generated and composed of, and how to create endpoints that are designated for specific security roles. In an enterprise application I would only pass in the user Id to the _MyProfile_ endpoint. The asp.net core role-based authorization will take care of granting/denying access to that endpoint (based on the JWT stored). Finally, if the user is granted access to that endpoint, they will only ever receive the profile data associated with their user id. Hope this helps!
@@CodeWithJulian Doesn't that mean that if I take away access, it takes up to 15 minutes for it to apply (or whatever the timeout is set to); since technically the jwt token is still valid and this isn't really being checked every request? Seems a bit risky to me?
@@ruadeil_zabelin The general consensus is that it is best practice to set the expiration time to 15 minutes tops. Feel free to lower that limit depending on the case. Hope this helps!
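The concern raised in the exchange above (a user whose access was removed keeps a valid token until it expires), shown as an added example that is not from the video or its author: an `OnTokenValidated` hook that re-checks a deny list on every request. The `RevokedUsers` class, the `/admins` and `/revoke` routes, the `Administrator` role name and the use of the `ClaimTypes.NameIdentifier` claim to carry the username are assumptions.

```csharp
// Program.cs for .NET 6+ (needs the Microsoft.AspNetCore.Authentication.JwtBearer package).
// Added example: RevokedUsers, the routes and the role name are hypothetical.
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// In-memory deny list for the demo; use a shared store once there is more than one instance.
builder.Services.AddSingleton<RevokedUsers>();

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = builder.Configuration["Jwt:Issuer"],
            ValidAudience = builder.Configuration["Jwt:Audience"],
            IssuerSigningKey = new SymmetricSecurityKey(
                Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]!)),
            // Default skew is 5 minutes, so a 15-minute token is accepted for up to 20 unless lowered.
            ClockSkew = TimeSpan.FromSeconds(30)
        };
        options.Events = new JwtBearerEvents
        {
            // Runs on every request, after the signature and lifetime checks have passed.
            OnTokenValidated = context =>
            {
                var revoked = context.HttpContext.RequestServices
                    .GetRequiredService<RevokedUsers>();
                var userName = context.Principal?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
                if (userName is null || revoked.Contains(userName))
                    context.Fail("Access revoked"); // request is answered with 401
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();

app.MapGet("/admins", [Authorize(Roles = "Administrator")] () => "admin data");

// Revoking takes effect on the user's next request, not at token expiry.
app.MapPost("/revoke/{userName}", [Authorize(Roles = "Administrator")]
    (string userName, RevokedUsers revoked) =>
    {
        revoked.Add(userName);
        return Results.NoContent();
    });

app.Run();

public sealed class RevokedUsers
{
    private readonly ConcurrentDictionary<string, byte> _names = new();
    public void Add(string userName) => _names[userName] = 0;
    public bool Contains(string userName) => _names.ContainsKey(userName);
}
```

The lookup runs on every authenticated request, so the deny list trades some of the statelessness of JWTs for immediate revocation.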
That was awesome, Julian! You remind me of the dude from the Silicon Valley TV show xd. I really appreciate the video's content.
Haha beautiful, thanks! Glad the tutorial was useful!
Hi Julian, tbh, first video that I watched that went straight to the point w/o too much irrelevant information, great job. Small question: how much of this is relevant for a .NET 6 API (not minimal)?
nice video, thanks for everything :)
Always a pleasure, thanks for feedback!
great, I love it
This is absolutely perfect and what I was looking for for one of my projects, thank you so much!
Great video :)
Glad you enjoyed it!
Can you authorize controllers instead of doing one end point at the time for admins/other-users?
I created an asp.net core mvc web application for individual accounts. I abstracted out EF core, and have all the authorization/2FA, pw reset, email authorization, account lockout... etc, handling in place. I eventually would like to create a mobile application to go with it. I planned on having the user use the website for setting up/editing their account personal details, and password changes/reset. I figure right now is a good place to create the Web API and start configuring now common data access/changes the web app and mobile application will use. What is the best way to approach this, and leave the current authorization/authentication in place for the web application, but have it also authenticate to the web api? Thank you!
Exact content which i want ❤❤❤❤
Thank you , work for me.
Nice one!
Short and to the point, thanks Julian. I have 1 doubt. What is the significance of creating a new instance of UserModel in the getCurrentUser method in UserController?
well explained. kudos
Thanks for feedback, glad it helped!
Thank you 😁
No problem 😊
Best Video to learn about JWT Token Authentication and Authorisation
1. Simple explanation
2. Clear command over topic
3. Step by step explanation
4. Working code link
Thanks for your feedback, much appreciated!
Any reason why you didn’t choose .NET 6 since that’s already released and has so much of performance improvements?
Hi, I have a question. Can I use JWT as authentication when I have 2 clients, which are web and mobile apps? When a user logs in on the web, it will get an access token for that web client, and when the same user logs in to the mobile app, it will get an access token for that app client. Therefore, if 1 of the clients is logged out by the user, the other client shouldn't log out. I just want to know whether this is still correct practice, because I am confused by IdentityServer and OAuth 2.0.
Great
I see you added api controller to razor page project.
How can I make use of the 2 controllers in the razor pages ?
Do you have any plans to make a version of this tutorial for Blazor Server? Because Blazor Server uses a different workflow from controllers.
Thanks for your suggestion! Sounds good!
Great tutorial, it is just what I need. Please, I have a question: how do I pass this authorization in a method of MVC? I put the [Authorize] in one method, but although I'm authenticated the response is unauthorized. Please, and thanks for your time.
any idea, why I am getting below error when I try to access API having [Authorization]?
System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions).
You are legend for me ❤️
Thank you, really means a lot knowing this! Glad the tutorials are helpful to you!
@@CodeWithJulian ❤️❤️❤️❤️❤️❤️❤️❤️🥰
Sir if I get any doubts can I send you an email regarding it ?
For sure! 👍
Thank you
You're welcome!
This is a great video! One thing I want to ask. When you have multiple controllers and you want to get the authenticated user from the getCurrentUser method, where is the best practice to put the getCurrentUser method? Do I need to build a repository/service for that and inject it into every controller that will need authentication/authorization? Thanks
Yes you could store it in a separate service that's accessible from all your controllers, then, as you say, inject it if/where you need it.
THANKS!!!!!
Hey, Can you please help with encrypting and decrypting the JWT? It doesn't seem to work in dotnet.
I did exactly like you, not missing even a single syntax but keep receiving the "missing of Kid" which is KeyId. Can you help?