ASP NET CORE 6 API : HOW TO GET USER ID OF CURRENTLY LOGGED IN USER using HTTPCONTEXT - Part 13

Captions
Good day coders, this is bhagavat, and today we are back with another video where we simplify these coding concepts. The main focus of this video is going through a step-by-step process to creating an endpoint to get our currently logged in user's user id without having to pass it in our request parameter. I'll show you two approaches: the first one is the most commonly used one, and the second one is the most efficient way. My advice is, before you go about tackling this, you should also watch my video on user authentication using JWT, which is JSON Web Token. So now let's get to the code.

All right, so what you need to do is this. The common approach that developers use is they will have an HttpGet, and then we'll just say users and just have a user id; this is passing the user's id through a query parameter. Then have an async IActionResult, and then you'll take in the user id, which is an int id, and then this int id will return an Ok with a new user id which is equal to this id. So this is the first approach.

Let's go about now testing this, if this actually works. We'll go in our Postman. I've already created these endpoints, so get current user: if you take this endpoint, we should get the user id equal to one.

Now I'll show you the problem with this. Let's say now you want to verify if a logged in user, or this user, is actually linked to a specific task. With this you also need to pass in the task id, and then you'll use this task id to actually query from the task id and actually see if this id actually matches this user's user id. So that's just overkill, because we know that we've set up our token, which already has our user data.

So what we can do over here is still have the same approach where we create this HttpGet, and then right over here we want to have our users, then we'll just have current. Current is just to signify that this is an endpoint for getting our current user. And then public async, this is the Task, IActionResult, and then this is get logged in, might get it wrong, so get logged in user id. This will return the same thing, but now what we're going to use is actually access our user id through our claims. How we go about doing that is we'll have an HttpContext, then we'll access our User dot, and then we want FindFirstValue, and then here we'll pass in our actual claim name. Our claim name here is actually user id. If you watch my user authentication with JSON Web Token video, you'll actually see how I implemented the claims from our token.

So now we see we've got a red squiggly line, and this is because this returns to us a string and we need to convert this to an integer, so we'll just say ToInt, right, ToInt32, and yeah, this should actually give us something.

So if we stop and we run this, let's come here. I'm going to remove this guy and actually test this. If we test this, what we see here is we get our user id, which is zero. The reason for this is because we didn't pass in a token and it doesn't know what this user is. Since we didn't pass in a token, this will actually treat it as this user is not actually logged in. So now let's see what would happen if we actually pass in our token. We pass in our token [Music] and we just say this and save, and come here and we run this. Now this changes to say user id equals 2, because it can extract that from our JWT token.

But since this functionality is trying to get the currently logged in user's id, we don't want to call this endpoint if the user is not actually logged in. How we can prevent that is add an extra layer of protection, or security, where we can just say users can only use this, so only authorized users can use this endpoint. What would happen now, since we still have our token, if we just hit submit, we'll get the same results. But if we remove this over here and save this, it should send us a 401, this says status 401 Unauthorized, so unauthorized users can't actually use this endpoint.

So that's it for this video. If you like this video and you're new to the channel, please don't forget to like, share and subscribe. Now, peace.
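
The two endpoints described in the captions, written out as an added example that is not the video author's code. The claim type `"UserId"`, the controller name and the routes are assumptions, and `int.TryParse` is used here in place of the video's conversion so that a missing or malformed claim is rejected instead of becoming user id 0.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[ApiController]
[Route("users")]
public class UsersController : ControllerBase
{
    // Assumed claim type: use the exact name your token-issuing code writes.
    private const string UserIdClaim = "UserId";

    // First approach: the caller supplies the id in the query string.
    // The server echoes whatever it is given, so the value says nothing
    // about who is actually making the request.
    [HttpGet]
    public IActionResult GetUserId([FromQuery] int id) => Ok(new { userId = id });

    // Second approach: the id is read from the claims of the validated JWT.
    // [Authorize] makes the framework answer 401 before this method runs
    // when the request carries no valid token.
    [Authorize]
    [HttpGet("current")]
    public IActionResult GetLoggedInUserId()
    {
        // Returns null when the principal has no claim of this type.
        string? raw = HttpContext.User.FindFirstValue(UserIdClaim);

        // A conversion such as Convert.ToInt32 turns a null string into 0,
        // which matches the id 0 the video shows without a token.
        // TryParse fails on null or non-numeric input instead.
        if (!int.TryParse(raw, out int userId))
            return Unauthorized();

        return Ok(new { userId });
    }
}
```

Any later lookup, such as checking that a task belongs to the caller, should compare against the `userId` taken from the claims rather than an id sent in the request.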
Info
Channel: BugArray
Views: 15,052
Id: 1CJnq-MhusE
Length: 7min 21sec (441 seconds)
Published: Thu Aug 11 2022