ASP.NET Core 3 - Authentication - Ep.1 Basics (Claims/ClaimsIdentity/ClaimsPrincipal/Authorization)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
everyone welcome to another series these series are going to be around authentication and this first episode we're going to talk a little bit about the Middle where changes in dotnet core 3 and how to wire it up so we're gonna start from the basics and the main thing that I'm gonna try to make a point of is to explain what it is that is a user and how it is represented so you know an object orientation and you basically grab an object you specify its properties properties right so here we're gonna try to understand when it is that you sign in into an application what is this user and basically how its created and where it's stored ok so let's go ahead and create a new project I'm gonna take asp.net web application let's click Next I'm gonna give it a project name of basics and solution name I'll just give it off and take Asian I'm just gonna select a different folder to put this into let's create a new folder here say actually that should create a for the folder for me so yeah well let's create that and I'm gonna start with just the empty template okay so let's close that and let's quickly go into the startup dots yes I'm not gonna go over and too much it's just too much about dr. core 3 just to basically make a point of ASB oh sorry oh about the use routing and that use end points just so you know use routing looks at the route that you're accessing and then decides which endpoint is going to be used so and the endpoint is going to be the functionality right so whichever action you write that is going to be mapped to and to an end point and use routing is what is going to decide which endpoint is going to be invoked so let's go ahead and just set up MVC and this is just going to be the standard way to showcase authentication right so we're gonna map controllers and I'm actually gonna the map controllers with default yep my default controller route so this is going to give me the default notation for controllers and the next thing that I will need to do is in services I will need to add the controllers with views so just so I can have some views as well all right so now I'm gonna go ahead I'm gonna create a new folder I'm gonna call it controllers and and then in there I will just create a home controller that's a yes and here let's go ahead and inherit from controller so this is going to be our first controller we're gonna import s peanut core MVC clean up so let's create a public eye action result index and this is just going to be the home page then I want to create a page with that we are going to authorize right so this authorization attribute we'll talk about in a second but I'm gonna call this page a secret okay and let's just return view so we can have these thingies here and let's create another one and this will be authenticate so this is when we're actually going to be creating the user right so this is going to be the main star of the show and once we're done I'm just gonna go ahead and redirect to action index and voila okay so authorize attribute is mainly used to basically guard an action so let's say we have this secret action and we just want to authorize someone right so authorization basically asks the question are you allowed to come here and what this is going to do this authorization attribute is let's launch it and let's take a look first of all we're gonna get an error and this error will be justifiable so we shouldn't have a page oh we don't have pages so let's go ahead and quickly set that up views home and xes HTML let's give this an h1 of homepage let's create a few more pages I'll call one secret CS HTML I'll call this seeker page let's create another one and actually no we don't need another one what this will do essentially give me two pages I'll refresh this and I will end up on the home page hopefully and I will use the routing to navigate okay so we're on the home page and now if I will go on to the secret page what will happen is first of all in the startup will help hit the user outing point of the middleware and then it will find which end point we want to go to okay so let's go ahead and go there and we get a 404 because I have not specified controller so slash home secret page okay so here we get an exception that we is basically saying you don't have any authorization middleware so what it's trying to tell us is right I'm trying to ask the question are you allowed to come here but I don't know how because we haven't told it where or how so depending on where we put it in this middleware that's at the point that it's going to ask the question so let's go ahead and try to ask the question of authorization before we found out what route it is right so we're gonna try to authorize before we even know which action we're trying to go to okay so let's go back here and let's try to go to home secret again and we arrived at the secret page right so how could we arrive here we're not we we haven't done anything so this is authorization attribute isn't guarding so what happens is we reach authorization here and it sort of safely exits it fails here but safely exits and then it finds which route we have to be then it finds the action and a tag is good so this authorized attribute doesn't really mean anything if it's not found at the correct time okay so if we put it after we found the routing so we find the route we find which action we want to execute and now we basically try to authorize okay so let's go ahead and give this refresh and now once we try to access home dot secret this is where it's basically telling us right you need authentication and the reason it's asking for authentication is because to basically to be able to ask are you allowed to go here we need to know who you are if we don't know anything about you you're not allowed to go here but we can't even ask the question of are you allowed to go here if we don't know who you are or we have no way to find out so let's go ahead and do what it suggests us to do to basically add the authentication scheme so here we're gonna go into services and what this service will allow us to do it will create an object that will be injected into the authorization as a handler so it will this is trying to execute a function which will essentially try to find the user context but we don't have anything that anything for that handler to be injected into one of the services inside authorization okay so let's go ahead and services and add authentication right and I'm just gonna call this schema cookie off okay because what I'm gonna do is I'm gonna add a cookie schema like this I'm gonna give it some configuration right and what this configuration will do is essentially allow me to configure this how this authentication works so I can do stuff like set the login path I can give this cookie a new name so I can say let's say ramus dot cookie okay so this is going to be the grandmas cookie so here what we're specifying is a cookie handler so this is going to be producing a implementation of an eye authentication Handler and it's going to be a cookie Handler okay which is and that implementation is going to be injected into here and now it will be able to check if your Authenticator or not okay so let's see what we end up with let's refresh this okay so now what it's doing is it's trying to redirect us to account slash login and this is the default way and this is really something that we can fix here so the login path let's specify slash home slash authenticate so what's gonna happen is I'm gonna try to redirect to this route and I'm gonna just say right just create a user right there there's gonna be no login forms nothing right so just remember this is the base this is the default value for the login path so let's go ahead and refresh this let's go to home secret against own secret okay and read their access to the home page so what happened essentially it redirected us to the authenticate page and then we ended up back at the home page okay cool can we access the home secret page again if not we'll end up at the index page again and we do so basically right now it's recognizing that we are not not authorized because it just doesn't know who we are okay because we haven't told it told the application who we are so now that it has a way to tell who we are when we try to when it asks the question are you allowed to go here basically because the cookie is missing because we don't have one so if we go into applications and cookies we don't have any cookies for this website so we don't have a cookie it doesn't know who we are you're not getting in right if you don't have the grandmas cookie all right so let's go ahead into this authenticate function and now in here we're gonna create a user right so what is a user so if you think about how you're modeled in real life you either have like a passport or you have a driving license or you know you have some kind of relative that can vouch for yourself so let's say we'll pick two examples to create or to basically build up an identity okay so let's first a part of the your identity will be let's say that the grandma will say who you are okay so let's say grandma claims and this is going to be a list of the claim object now it's important to understand that the claim is an abstract concept and the claim object is an implementation right so this is not specific to Microsoft as this object is just specific to c-sharp and how Microsoft chose to implement implement claims okay so grandma claims right for our claims we can go ahead create new claim and their parameters are pretty much key or what kind of claim it is so we can say claim type and it'll be stuff like name so according to your grandma you're Bob and Agoura and according to her your email is at Bob F mail comm right and then you know your grandma she might say something nice about you but this will be a claim that is unique to the grandma right so it will be like a grandma dot says a very very nice boy okay so this is something that your gramma says about you but because we trust your grandma as an authority we will accept her description of you and if she recognizes you we will allow you to authenticate so the next thing that we're gonna do is we're basically gonna create an identity based on these claims right so let's create a grandma identity so this will be a new claims identity and we're just gonna pass grandma claims here and we're gonna say that it's grandma identity right so we're basically just giving this a name that this is where the the identity claims come from right so your grandma claims that your this and we trust your grandma so we allow you to be identified as grandpa grandma claims right and then what we do is we go ahead and create a user principle which is going to be a claims principle and what this is going to accept is an array of claims I claim identities right so as I said in the beginning you can consist of many identities because many authorities can say who you are so Facebook and Google may see you may be authenticated with different emails different names and but once you authenticate you can have many identities but you are essentially you have the same information or you sorry you have different information according to the correct authority so let's go ahead and create a second one so license claims so you shouldn't shown your Driving's or driver's license and this is what these are going to be and let's say let's copy it so these claims this is really just another example so driving license let's say a plus alright so you're a very good driver I don't know what driving claims you all right and let's say that name they know your full name and like your grandma who has Alzheimer's and let's say you're Bob Kay OOP okay and let's go ahead and create a license identity let's have license and here we're gonna pretty much say that this is I don't know the government who looks up looks after licenses this is what they say in their old driving license Department about you right and because we trust the driving license Department we're gonna allow you to have these this identity as well okay so once we have the this user principle which is essentially a collector can be a collection of identities and different claims what we're gonna do is again this is an implementation the.net core provides to you we are gonna grab the HTTP context and we're gonna call the sign and async function you won't see it straight away but you will need to import the Microsoft ASP non-core authentication package and we're gonna put in user principle into here okay and the essence basically what this function does the first part is sort of building up your identity so if you ever used Microsoft identity where you have your own users and passwords etc once you are authenticated it's gonna grab all the stuff from the database it's gonna assemble it into these objects and it's gonna go ahead and create this user principle and under the hood it will call this function okay and this is all that it's doing and this is the base implementation sort of thing so let's go ahead and see how this works go ahead and run this so we're on the home page let's go ahead into home secret and now we should be able to see a cookie so here we have a grandma's cookie and in here in the value essentially this is what represents you as this object and now if we're gonna go into home secret we're still not going to be able to read that reach that page because the reason is going to be the same as for the first time that we tried to hit this authorize point is that in the middle we're rather the middleware needs to be able to check who we are okay so we have the providers but we are not actually bringing it up in the middle work so let's go ahead and use authentication but we're gonna use it after authorization right so the logical steps are to know to ask if you are allowed to go here we need to know who you are right so this asks who sorry not who are you are you allowed right and if we say something like who are you and we'll use app use authentication right so think about this logically who are you if we ask who are you after if you are allowed it doesn't really match because we need to know who you are after we ask and and are ok we know who you are and are you allowed to go here so this should the behavior should be identical so we will keep getting redirected so what we want to do is ask who you are before we ask if you are allowed right so here is where again this is going to be injected and the HTTP context user object so this object here will be populated from the cookie and the session and this is when the authorization middleware will be able to utilize what has been populated here to basically then say right are you actually allowed to reach this endpoint that the users routing has found here and this is where the functionality for this function will actually be executed okay so let's go ahead and launch this and because when we launch this the cookie is saved in the browser let's go ahead to home secret and now we can reach the page okay so this is the basics of how authentication works and how the authentication middleware essentially finds the route and when it finds the route it already knows which endpoint to execute okay so then we are basically using this middleware user sent ocation middleware to populate our user object inside the HTTP context and then we use authorization for what we have populated here to essentially decide right are you allowed to go here and if we have not not populated anything here the authorize attribute doesn't know if we're not even using it the authorize attribute doesn't know how to ask the question and then if we essentially according to these two middle words we pass and are allowed to use this function we can go ahead and execute it okay so this will be it for this episode thanks for watching if you enjoyed it leave a like subscribe as always if you have any questions leave them in the comments I love answering your questions and as always seeing my other episodes
Info
Channel: Raw Coding
Views: 278,350
Rating: 4.9341564 out of 5
Keywords: .net core 3, .net core 3 tutorial, asp.net core 3, asp.net core 3 tutorial, auth, authentication, authorization, authentication tutorial, authorization tutorial, Claims, ClaimsIdentity, ClaimsPrincipal, Identity
Id: Fhfvbl_KbWo
Channel Id: undefined
Length: 21min 31sec (1291 seconds)
Published: Mon Oct 07 2019
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.