Comments:
Great video. Superb content. Thank you !!!
Hi Nick, appreciate the work you do. One question about the filter of the minimal api. If we have another middleware the request stops first in it and then into the filter?
Thank you, very interesting and easy to implement with your clear details. Looks appropriate for a use case I have.
Couple of questions 😁
- Can you safely mix auth schemes, i.e. I have a multi-tenant minimal api that users authenticate to via Azure B2C oauth2, but I need to add a simple API key access for a few endpoints, for service apps to use. I could use client credentials flow or application api's, but there's the problem of distributing/revoking api keys and I want to issue them dynamically depending on the tenant the service apps belong to.
- Can you restrict access to a SignalR server using these?
- Swagger - can it handle multiple auth schemes?
Great help, exactly what I needed. Thanks tons. Since adopting Blazor Server then finding Minimal API's I can now build Api's without MVC "and" secure them. I remember first hearing of WebSocket so many years ago, throw in Entra, Microsoft Graph, and Application Proxy we now have flying cars for the enterprise.
To get around the dependency injection problem you can create a custom attribute that extends from TypeFilterAttribute, which then passes typeof(MyFilter) to the base constructor. From there the system will allow you to use DI in your filter.
You are great! Thank you!
Hi, can you come up with a video where you can demonstrate how to Authorize same endpoint using either inbuilt jwt bearer or api key at the same time? So, how we can add custom authentication along with inbuilt authentication schemes and register at startup. Thanks
Very good and detailed explanation on this topic, great video!
I was looking for the second approach, so sad 😂😂😂
how to use AllowAnonymous?
This video is difficult to understand and video editing is inconsistent with the content..
broooo,! so cool!
Thanks ❤
Hi Nick, that is very nice. Just a quick thought about how can I separate consumers (apps), like I want to have separate api key for each app trying to use api. Quick thought is to include app name along with key, I grab the app name and check the key. Any better way?
In your example, once the APIKeyMiddleware - public async Task method runs, and authentication is successful, it doesn't redirect to my Homecontroller in order to run my Post method and continue with the request. How do I get it to direct to my post request in my Homecontroller?
So if I have an app that connects to thousands of users authentication is something I don't need, did I get that right?
thank you we love you
can you give us the book name or tutorial where did you learn this all?
thanks
This breaks swagger documentation.
Great!
This was awesome, thanks Nick!
Just wondering, is there a reason for not using the IMiddleware interface when implementing the ApiKeyAuthMiddleware class?
Great video Nick, as always! A tip to others: the same principle can be used to enforce client certificate based auth, minus the Swagger UI integration. This way, you can easily enforce different types of auth on different scopes within the same API.
Hi Nick
Amazing video, I have a question about minimal api swagger authorize button option
How to pass different keys with the same button
I have bearer token some set of endpoint allowed with one token and other set of endpoints use another type of token.
How can we address it so Authorise button worked
Thank you
Nick, I purchased your zero to hero minimal API course... the discord link is broken.... is that a mistake or did you shut it down?
Thanks Nick, I need this
Excellent video
Brilliant, thanks!
Hi Nick! First of all thank you very much for your videos! They are soooo interesting and you actually taught me a lot since when I started following you :D
I have a question about this approach: why you didn't mention the AuthenticationHandler approach?
Great video! Thanks a lot for your efforts, Nick! You're great
Great Video!!!!!!!!
the longest app. 18 minutes in my life :D thank you for the explanation!
I was hoping to use api keys with Identity framework, I recall seeing your .NET core 2 & 3 playlist, and in comments section there you said we can look up the API key to find which user it belongs to, while that can work I think it will conflict with JWT auth since it's configured as a filter, and [Authorize] attributes won't work with API keys, and as well as I think looking up the DB on every request is expensive.
why not use AuthenticationHandler and the default [Authorize]?
Excellent tutorial - thanks
That's great explanation. Thanks.
This was exactly what I needed. Now maze makes way more sense!
I wonder is it possible to have the Authorization Filter attribute on the class level, but then override that with another Authorization Filter at the method level. That way by default the methods are safe, unless otherwise indicated.
I know you can set Filter orders but they still both get fired.
is it possible to use [AllowAnonymous] annotation to bypass the middleware?
I'd love to see example of storing multiple API Keys in database and comparing the header key to those in the database. I have a scenario where I will have multiple clients using the API and would like to have a different API Key to give them access to their own data. Great video !
Would love a video on building a throttle mechanism where it's not waiting in memory but in a queue or database
I finally can understand this concept to its fullest. Thanx for the great content
Tak! Brilliant video! Covers all my thoughts and questions about API Keys in one video!
OMG asp net core si solo cool 🥹🥹
Always great!!!!
Am I crazy? I’ve always found the swagger ui has the lock icons mixed up. Why would the lock be LOCKED when the api is unlocked and authorized for use??
Hello Nick can you please do a video on difference between .UseRouting() and .UseEndpoints()?
This thing is everywhere stackoverflow / reddit but still not clear enough!
one of your best videos so far 👌🏻