ASP.NET Core Web API Identity JWT 2024 - 22. Register

Captions
Okay guys, we are the bald eagles of the tech world. We are strong, we are powerful, and what we're going to do is we're going to swoop down, grab that email right out of the user's hands like a little salmon, bring it back to our nest, which is our database, and feed our baby chicks. And when we do this we are going to be using the UserManager. Now thankfully for us the UserManager is going to pretty much take care of everything, so we don't really even have to do much, because the UserManager is going to provide us with this thing called CreateAsync. CreateAsync is an insane method: you literally just pass in the user, you pass in the password, it's going to hash and salt it for you, and then it's going to put it in your database. And whenever you look at the quote-unquote password it's going to look like this, and the reason it looks like that is because it's been hashed and salted.

Now hashing is kind of complicated, but in a nutshell this is the reason that we need to hash things. You hash things because if somebody breaks into your database you don't want them to be able to see the words in clear text, and you want to make it a little difficult for them to be able to get the passwords. Now if somebody breaks into your database there is a possibility that they have access to some type of supercomputer and they could maybe, you know, decipher all the passwords, but most of the time it's going to be very difficult for them. But the way that hashing works, and the reason that people use it, is because it is a one-way function. If you pass "password" into a hashing function it is always going to equal this number. If you pass in "password" again it is going to equal this number. But if, say, you passed in "password" just with a one at the end, it is going to be an entirely new hash; it will look entirely different. And that is the reason that we have hashes, because think about it: if somebody breaks into the database there's no way that they could possibly even be able to begin to see what the passwords are, because everything is so different. And the same thing goes the other way: if I pass, you know, "password" in again just like this, it's going to be the exact same number as it was before.

Let's go ahead, let's hop inside VS Code and let's get coding. Okay, so we are inside of VS Code, and the first thing that we're going to do is go within our Controllers folder and we're going to create an account controller, because we don't want to be putting register and login inside of any other controller; we need to create a separate one. And as always we're going to go into here, import our ControllerBase, go ahead, bring it in, looking good. And we also need to assign the URL, so we'll say Route, go ahead in here, and we'll put a string with api and account. You could leave this blank and it will automatically assign everything for you, but I like to make sure everything's lowercase because I think it looks better. Okay, so go ahead and add the ApiController. We're going to be bringing in the UserManager. Remember, we need the UserManager, and I think for right now we can just get away with just having the UserManager. We're going to have to add some stuff later, but like I said, UserManager takes care of a lot. So go into here, we'll say UserManager, go up here, we're going to add it as a private property, say readonly UserManager, and we'll say AppUser and underscore userManager. Okay, then we're going to go down here, and this is where we're going to assign it to the private readonly property, so it's going to go down through the constructor, go up into this right here, and it's going to assign it. And it looks like that because we haven't actually used it yet. So here's where we're going to actually create the endpoint. It's going to be a POST, because we're going to be submitting JSON data, and it's a creation because you're registering the user. So we're going to go register, and that should do it. But that's not everything; I guess I'm speaking a little bit too soon, we still have to code a lot more, it's not totally it, you know what I mean.

Okay, ActionResult, and we're going to go Register, and we're going to say FromBody, and this is where we're going to pass our register DTO. Now we haven't created the register DTO, and we need to have a DTO here because you need to provide really strict validation, because when people submit their emails they're going to try to do whatever they can not to submit a real email, not submit an email. So we need to create a DTO to provide a lot of validation. Okay, so I'm going to go ahead and create another folder here, I'm going to call this Account, and I'm going to say RegisterDto. So we'll say RegisterDto. Okay, and the RegisterDto is going to be relatively simple, so we'll say prop, we're going to pass in a string, it's going to be optional, we'll have Username, and even though we're going to make it optional it's actually not going to be optional, we're going to make it Required, because you're going to have to require people to input their username, of course. And then we're going to go down here, and this is where we're going to do the email, and .NET Core provides you with an annotation that automatically does the email address for you, or checks validation for the email address, so we'll go ahead and just use that: string, optional, we're going to say Email. Then we're going to go down here and this is where we're going to input the password. So there's all different types of ways you could add validations for password; right now we're just going to use the Required, but just remember that you could add some type of regex and you can do all types of things to make sure that the password is required. But a lot of the validation is actually going to be handled by the CreateAsync and the UserManager validation.

So one last thing that we have to do is, before you can actually create any users you have to seed the roles. Whenever you try to create a user and you don't have a role associated with it, it's going to give you an error, and we told Identity that we were going to use roles, and we are going to be using roles. So before we're actually able to even log anybody in there has to be at least one role in there, and we're going to create a User role and an Admin role, and it kind of just makes sense: there's going to be regular users and there's going to be admins who are going to have more privileges and will be able to access different API endpoints that regular users cannot access. So we're going to go into here, I'm going to say OnModelCreating, go ahead and pass in a builder, and then go down here, and this is where we're going to insert the IdentityRoles. So say a list of IdentityRole, and we'll just call this roles, and say List<IdentityRole>. Okay, then we're going to go down here and we're going to new up a couple of identity roles. So we'll say IdentityRole, go back down here, and this one will be our Admin, so we'll have one Admin role, and we'll have one with a normalized name, and NormalizedName all it means is that it's capitalized. So go down here and we'll just go ahead and copy and paste this down and change it to User. So we're going to go to here, we're going to have User, we'll say USER. Then we need to add this; we just created it, but we have to actually add it, and the way that we do that is just go down here, we're going to say IdentityRole, then we're going to say HasData, and we're going to go ahead and pass in the roles. Okay, so that is looking good. Looks like my linter is not picking that up, so I'll just move that over.

Then what we're going to do is we're going to go back, we're going to bring in our RegisterDto, and here is where things are going to get interesting. So the first thing that we're going to do is we're going to go within our Register here and we're going to wrap everything in a try/catch, because there are a lot of different server errors that can happen whenever you use the UserManager and whenever you use CreateAsync, because you have to think: it is going to validate for the password complexity, it's going to do all types of validation on its own, and if you don't have anything to catch it, it's going to cause a lot of problems. So that's the reason we're going to wrap it in a try/catch. Also we need to do a little bit of validation at the top that we already have within our DTO, so we're going to go up here and we're just going to do our good old ModelState validation, and this is what's going to catch all the errors that we declared within our DTO. Go down; first we're going to spin up an AppUser really quickly, and we're going to say AppUser, and this could also be a great place to add other things if you want to as well, if you want to also maybe have them log in through maybe just the username, but we're going to do the username and the email. So we're going to go registerDto, we're going to say Username, then we're going to go down here and we're going to say Email. We're going to get everything through the RegisterDto, so I go Email, looking good. And you could just do the email if you want to; a lot of websites just have it to where you just do the email, but we're going to do both. And we're going to go ahead and use our long-awaited UserManager, this UserManager that I keep talking about, and this CreateAsync, very powerful method that we have here. And of course after we spin up, we just created our AppUser, we're going to pass in directly our password through the DTO that we're going to accept through the endpoint, so going to go Password. Okay, that looks good, so we can go down here.

So when the CreateAsync actually returns, it is going to return an object that's going to have properties on it that are going to allow you to check, and if that's confusing I'll show you what I mean here. So we're going to say createdUser; I'm going to call this created, I think that's more appropriate. So createdUser.Succeeded. So the UserManager is going to put properties on the object that's going to tell us whether it was successful or not; we're going to use these properties to do all of our logic. So I'm going to go role, we need to do our role now, so I'm going to call this roleResult, and we're going to go back into our UserManager, we're going to AddToRoleAsync, and this is very similar to the CreateAsync but it's for roles, and pass in the user we just created. And anybody that signs in through the register endpoint we are going to assign the User role. So we seeded our User role within our application DB, we've added our User and our Admin. You probably don't want to be assigning Admin roles straight out of the register endpoint. What you want to do is either add them manually or create another endpoint that allows you to add users with Admin roles. I would not allow people, or allow some type of secret mechanism, to assign Admin roles through a public endpoint like that; I don't think that's probably a good idea, my opinion. Okay, and if it does work we'll say "User created", and once again the roleResult, or the AddToRoleAsync, is going to return an object that's going to tell us whether it was successful or not. And if it's not successful, which there's a good chance it might not be, what we're going to do is we're going to return an error. We'll return a status code; we'll say return StatusCode of 500, and that is just a server error. We'll say Errors. You can put BadRequest; I don't think BadRequest, I'm going to do a StatusCode 500, but you could also put BadRequest there if you want to as well; it's probably not going to hurt much. Okay, so now if the createdUser is not successful we also need to handle that, and the way that we're going to do that is we're just going to go down here and we're going to return another status code that says something bad happened. This status code is going to be for the createdUser, so if the createdUser does not successfully log in we're also going to get an error. And key point, like I said: whenever we return something from the CreateAsync or the UserManager it's going to come in the form of an object, so you're going to get all types of goodies. You're going to get errors, it's going to return errors for you, it's going to return whether it was successful or not, and it's another thing that is a part of the beauty of Identity; it's going to do a lot of stuff for you. And just to catch anything else: I'm not aware of any other type of error, but like I said, these things are very complex, the Identity UserManager is very complex, so if we get any other exception it's going to catch it and it's going to tell us through the try/catch.

So before we do anything else we need to run the migration so that our Admin and our User are seeded. So we're going to have to do a migration, and what I'm going to do is just go to my keypad and I'm going to go up on the keyboard, go back up to dotnet ef migrations. I'm going to call this SeedRole; actually I practiced this before, so I have one already lined up. I'm going to go dotnet ef migrations add, we're going to go add SeedRole; call it whatever you want, so you don't have to call it SeedRole. Then I'm going to go up again and then I'm going to do dotnet ef database update, and everything went through. So the first thing is we need to check to make sure that it actually seeded the roles, so let's go within our roles right here: we have the User, we have the Admin. If you don't have those, or if those are not in there, the register is not going to work, so please make sure you have those. And we're going to go within Swagger really quickly; actually let's do another cold restart. Oh wait a second, it's not even started, so I'm just going to go dotnet watch run. So dotnet watch run, looks like we are good to go, everything is loading up correctly, and I'm going to go into here and give this just some random username. I'm going to call this investor444, we go investor444 Gmail, so investor444@gmail.com. I'm going to give it a supposedly secure password; I'm going to say Password, I'm going to say 444. Looking good, and let's test it out, see if it works. "User created"; we are good to go, but let's not celebrate too early, let's also go inside the database and make sure that it actually created it. So go to AspNetUsers, select the top 1,000 rows, and we have investor444. That's the register. Next we're moving on to tokens. Hope you guys enjoyed this; if you did, make sure to smash that like button, smash that subscribe button, and as always, thank you for watching.
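The three pieces the video builds (the RegisterDto with its data annotations, the Admin/User role seeding in OnModelCreating, and the Register action that calls CreateAsync and then AddToRoleAsync) pulled together in one place, as an added example rather than the video's own code. The names AppUser and RegisterDto follow the video; ApplicationDbContext and the exact namespaces are assumptions, and the catch block deliberately returns a generic message instead of the exception object, so internal details never reach the client.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

// Identity user type; the video calls it AppUser.
public class AppUser : IdentityUser { }

// First validation layer: model binding plus data annotations.
public class RegisterDto
{
    [Required]
    public string? Username { get; set; }

    [Required]
    [EmailAddress]                       // built-in format check the video refers to
    public string? Email { get; set; }

    [Required]
    public string? Password { get; set; } // complexity is enforced by UserManager's password validators
}

// DbContext name is an assumption; the video only calls it "our application DB".
public class ApplicationDbContext : IdentityDbContext<AppUser>
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options) { }

    protected override void OnModelCreating(ModelBuilder builder)
    {
        base.OnModelCreating(builder);

        // AddToRoleAsync fails if the role row does not exist, so seed both roles
        // before any user can register. NormalizedName is the upper-cased lookup key.
        var roles = new List<IdentityRole>
        {
            new IdentityRole { Name = "Admin", NormalizedName = "ADMIN" },
            new IdentityRole { Name = "User",  NormalizedName = "USER" },
        };
        builder.Entity<IdentityRole>().HasData(roles);
    }
}

[Route("api/account")]
[ApiController]
public class AccountController : ControllerBase
{
    private readonly UserManager<AppUser> _userManager;

    public AccountController(UserManager<AppUser> userManager)
    {
        _userManager = userManager;
    }

    [HttpPost("register")]
    public async Task<IActionResult> Register([FromBody] RegisterDto registerDto)
    {
        try
        {
            // Layer 1: the DTO annotations (Required, EmailAddress).
            if (!ModelState.IsValid)
                return BadRequest(ModelState);

            var appUser = new AppUser
            {
                UserName = registerDto.Username,
                Email = registerDto.Email,
            };

            // Layer 2: UserManager runs its user and password validators, then hashes
            // and salts the password before anything is written to AspNetUsers.
            var createdUser = await _userManager.CreateAsync(appUser, registerDto.Password!);
            if (!createdUser.Succeeded)
                return StatusCode(500, createdUser.Errors);

            // Self-registration only ever grants the least-privileged role; Admin is
            // assigned out of band, never through this public endpoint.
            var roleResult = await _userManager.AddToRoleAsync(appUser, "User");
            if (!roleResult.Succeeded)
                return StatusCode(500, roleResult.Errors);

            return Ok("User created");
        }
        catch (Exception)
        {
            // Log server-side; do not echo exception details to the caller.
            return StatusCode(500, "Internal server error");
        }
    }
}
```

Two things worth checking in a real project. HasData needs stable primary keys: IdentityRole generates a fresh Guid for Id in its constructor, so seeding it this way produces a different Id every time a migration is added and EF Core will script a delete-and-reinsert of the roles; pin each role's Id to a fixed string in code to avoid that. And the IdentityResult errors returned on failure are descriptive by design (for example, that an email or username is already taken), which is useful during development but something to consider before exposing a registration endpoint publicly.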
Info
Channel: Teddy Smith
Views: 2,141
Keywords: software development, programming, engineering
Id: XeHjiWKHgdc
Length: 16min 13sec (973 seconds)
Published: Tue Jan 23 2024