Comments:
How to generate the jwt token without using the cli? I would like to generate it in the code as usual
Excellent explanation sir. ❤
Nice tip about the requirements. Going to use something similar to that :)
Something else I think would be interesting would be talking about the difference between a dev-environment and publishing when it comes to auth. I had to do a lot of digging and altering of the code to make things work when published. What I mean is that when you develop, you get a handy IdentityServer Key called just "Development" and it does all the magic, but when you publish, you don't have that. I had to generate my own pfx-file with a RsaCertificate, and then change the Type of Key to "File" instead of development. That also caused me to have to change quite a bit in the Program Startup, e.g. I had to use builder.Services.AddAuthentication(Microsoft.AspNetCore.Server.IISIntegration.IISDefaults.AuthenticationScheme).AddIdentityServerJwt(); in order for the certificate file to be read. In short, it took a lot of trial and error to get it working and to me it made little sense to do all these steps. The weird part is also that I barely ever see any mention of these "issues" in tutorials. On top of this, IdentityServer is now from Duende, which is a commercial license when published. For companies making less than 1 mil it's free though.
The app in question was made on .NET 5 to start with and has later been upgraded to 7. Perhaps there are easier ways now? Or better ways you can show?
Another idea: How to protect files or paths that aren't made through AJAX/API-calls? E.g. /invoice/1/pdf/ showing a pdf-version of the invoice in the browser. JWT won't work. Cookies do, but how to best mix them in an app and handle it correctly?
Hi!
Could you give me source code of this project please???
Excellent explanation .. very simplified.
Fantastic video, thanks, QQ, if I want to manage the role membership on my own DB (authentication remains on the identity provider, but not the roles), the right way to do it today is via that same Policy mechanism you used for the age requirement?
Thanks that fills in the blanks! One question, if someone hits the rental endpoint and doesn't meet the age requirement is there a clean way to return in the body of the 403 Forbidden response what they are missing?
Great video, well explained. You should possibly look into securing this token in the client side if that is not a topic that is too broad.
Great vid mate
I just have one comment regarding your blazor authentication videos. One thing I think was missing, was a good example on how to redirect you to the login page if not authenticated. I have not found any good built in solution.
Great content. Thank you Sir
Finally here it is
Say this API is for a Mobile App, How would you handle sign up / login on the server? How would you generate the jwt tokens in production?
Dan, get a mechanical keyboard to add some sweet, sweet ASMR to your videos. Will help you get more views
Thank you very much. Great content.
Thanks Mr. Dan
I hope you talk about how to do permissions like "CanAdd, CanEdit, CanDelete,..." for role/user per page
Is it possible to write my own "decorator" like [AllowMinAge("18")] or similar? Great video, thx for the deeper dive into this topic *thumbsUp
Excellent intro to JWT! Would like to add that you can also decorate an individual action with [AllowAnonymous] when the whole controller requires authentication, if for that one action anyone would be allowed to access.
Thank you!