ASP.NET Core Web API Identity JWT 2024 - 24. Login

Captions
So fortunately for us, the only thing that we have to do is log in, and all that the login entails is finding the user and checking if the password is correct. The way that we're going to do that is, number one, we're going to use two things: we're going to use the user manager and the sign-in manager. So we're going to be utilizing both of them. User manager is going to be what we use to find the user, and the sign-in manager is what we're going to use to check the password. Uh, pretty easy to understand; I don't think you guys are going to have any trouble.

So let's just go ahead, let's dive into the account controller and let's go ahead and make our login. So I'm going to say HTTP, uh, POST, and this is going to be a login. And remember, it's POST because we're creating data; we are going to create a user. We're going to go down here. Of course we're going to make this async, why would we not? Going to say IActionResult, going to call this login, and we are going to pass it a login DTO, which we have not created yet, but we can create it very quickly. So I'm going to say login DTO and go down here. I'm going to go ahead and create the function.

So let me see here. First thing that I'm going to do is go to the account and just go to new C# class, and we'll call this login DTO. And the login DTO, you guessed it, is going to have a username and a password. Pretty simple, but we still need to make a DTO because we're going to have to apply data annotations to this. So I'm going to say public string username, we're going to say get, set, and then I'm going to go down here, I'm going to say required, going to say public string password, need to say get, set. Looks good. Then we can go back into our account controller, and I think it already found it. So, um, if it didn't find it we can go back and change it, but it looks like it found it.

So first thing that we're going to do is we're going to check the model state, because we had to pass a complex DTO, we had to pass a complex type in here, and the model state is going to check that for us. So I'm going to say model state is valid, and if it is not valid, you guessed it, we will return bad request. So I'm going to say, uh, bad request, and we'll pass in the model state.

And now what we need to do is we're going to find the user. Remember back on the whiteboard I said one of the things that we had to do is we have to find the user, and the way that we're going to find that user is we're going to use our user manager, which we've already brought in. It's going to have a property for us that will automatically make it so that we can get the user and we don't have to go in our application DB context. I'm going to say first or default, x, and we're going to find it by the username. You could do email if you want to, but I'm going to say username. So I'm going to log in by username and say x.username, and we're going to check, uh, here to make sure that it is indeed the username, and we are going to lowercase it. That looks good.

So here we're going to check if we have, so if it did find the user, so if user, or if it didn't find the user, we're going to check and say return unauthorized. So if there is no user we can say invalid username, invalid user name, and I'm going to lowercase that. I think that I'm going to put an exclamation mark; I think it makes it look a little bit better.

Okay, so now what I'm going to do is I'm going to use the sign-in manager, and we don't have, let's make sure we don't, we don't have the sign-in manager, so we need to bring it in. I'm going to go to here, going to say sign-in manager, and I'm going to pass in the app user, and I'm going to say sign-in manager. Then I'm going to go up here, I'm going to bring it in through private readonly sign-in manager. So I'm going to say sign-in manager, then pass in the app user, and go to here, sign-in manager. Okay, so now we have the sign-in manager.

Sign-in manager is going to be asynchronous. I'm going to say sign-in manager dot check password async, go ahead, pass in the user, and we're going to pass in the password. So login DTO, we're going to pass it in straight from the DTO, and we are going to say false for, let me see here, so I'm going to say false. Go ahead, check to see, the bool is going to be lockout on failure. So we're not going, if you actually turn this to true or you leave it without lock in on failure, or lock out on failure, you're going to get lots of issues in terms of it, like I said, locking you out, and it's going to be pretty annoying. So if you want to wrestle with the lockout failure, which a lot of people get hung up on, you can go ahead, feel free to pass true in there, but if you just want to turn it off, I think it's probably better just to turn it off in this case.

Okay, so going to say, so if it did not log in successfully, so result dot succeeded, so if it did not, uh, log in successfully, we want to return unauthorized, and we'll say username, we will say username not found and/or password incorrect. We don't want to explicitly tell them, because that could, uh, make it easier on them if they're hackers.

So next thing, I'm going to go down, I'm going to say return, and we're going to return our user, and we're going to do so in the form of a DTO, or just use the new user DTO that we created before. So say new, new user DTO, going to go down here, go ahead, I'm going to put a semicolon right here, then going to say username, so username is equal to user.username, email is equal to user.email, and say token is equal to token service, and we're going to go ahead and create our token, and then we're going to pass it the user and it will do everything for us.

Okay, so that is pretty much looking good to go. I don't think that there's anything else that we need to do, so what I'm going to do is I'm going to go ahead, cd within my API, I'm going to go dotnet watch run. Okay, looking good. So I'm going to go ahead and register a new user. I'm going to call this username, and I'll call this investor, investor 111. I'm going to do the same thing for the email, so investor, investor, investor 111, and I'm going to give it a password, password 111, maybe add an exclamation mark there just for good luck. Okay, that looks good. So let's go ahead, let's test out our login. Okay, and I'm going to go investor, investor 111, then I'm going to go password, password underscore 1111, go ahead, execute, and that is looking good.

So the last thing that we need to do, or I guess it would be the next thing that we need to do, is we need to go ahead and set up Swagger so that we can go ahead and get everything, uh, set up so that we can test with Swagger very easily. So what I'm going to do is I'm going to leave a link down below, and this is going to have the AddSwaggerGen, or this is going to be just some code that you can copy and paste directly into your Program.cs file so that your, uh, Swagger will have JWT built into it and you don't have to mess with all this all the time. So what I'm going to do is I'm going to go up into my builder.Services, and right under builder, SwaggerGen, I'm going to go into here and add SwaggerGen, and we're going to add the JWT to it so that we can see, we can actually see it.

And go ahead, so everything looks good. I'm going to go ahead and do a cold restart, and now we have our authorize right here so that we can go ahead and we can just paste our JWT into it. So I'm going to go into here, I'm going to say, um, I'm going to go ahead and log in again, so investor, investor 111, say password 1111, add exclamation mark. That looks good. Go ahead, grab our token right here, so go ahead and grab this, then I'm going to go up into here and paste it within the bearer, and then let's go ahead, let's test out one of our stock controller. So let's go ahead and just test out the get all and add an authorize to make sure that it is indeed authorizing us correctly. So go ahead, make sure you've got your authorize loaded up, make sure you got your post, then go down, go here, not going to put any type of parameters in it, I'm just going to go ahead and click execute, and we are good to go.

So just make sure that you've locked down an API endpoint, you've got your bearer loaded into the actual Swagger, you're not using any type of params, I guess you could use params, and then you go ahead and hit execute and you should get something back. Anyways, hope that you guys enjoyed this. If you did, make sure to smash that like button, make sure to smash that subscribe button, and as always, thank you for watching.
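The login action narrated above, written out as an added example (not the video's own code) with three deliberate differences: `FindByNameAsync` replaces the manual lowercase comparison, every failure returns one identical message, and `lockoutOnFailure` is `true`. `AppUser`, `ITokenService.CreateToken`, `NewUserDto` and the `api/account` route are assumed shapes for the names mentioned in the captions.

```csharp
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks;

// Assumed shapes for the types the captions name; a real project has its own.
public class AppUser : IdentityUser { }
public interface ITokenService { string CreateToken(AppUser user); }
public record NewUserDto(string UserName, string Email, string Token);

public class LoginDto
{
    [Required] public string Username { get; set; } = string.Empty;
    [Required] public string Password { get; set; } = string.Empty;
}

[ApiController]
[Route("api/account")] // assumed route
public class AccountController : ControllerBase
{
    // One message for every failure, so the response does not say which part was wrong.
    private const string LoginFailed = "Username not found and/or password incorrect";
    private readonly UserManager<AppUser> _userManager;
    private readonly SignInManager<AppUser> _signInManager;
    private readonly ITokenService _tokenService;

    public AccountController(UserManager<AppUser> userManager,
        SignInManager<AppUser> signInManager, ITokenService tokenService)
    {
        (_userManager, _signInManager, _tokenService) = (userManager, signInManager, tokenService);
    }

    [HttpPost("login")]
    public async Task<IActionResult> Login(LoginDto loginDto)
    {
        if (!ModelState.IsValid) return BadRequest(ModelState);

        // FindByNameAsync looks up the normalized user name, so no manual lowercasing.
        var user = await _userManager.FindByNameAsync(loginDto.Username);
        if (user == null) return Unauthorized(LoginFailed);

        // true: failed attempts are counted; a locked-out account comes back as
        // result.IsLockedOut and gets the same generic answer as a wrong password.
        var result = await _signInManager.CheckPasswordSignInAsync(user, loginDto.Password, true);
        if (!result.Succeeded) return Unauthorized(LoginFailed);

        return Ok(new NewUserDto(user.UserName ?? "", user.Email ?? "", _tokenService.CreateToken(user)));
    }
}
```

The lockout threshold and duration come from `IdentityOptions.Lockout` (by default 5 failed attempts and a 5-minute lockout). The early return for an unknown user still answers faster than a real password check, so response timing remains a weaker enumeration signal.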
Info
Channel: Teddy Smith
Views: 6,515
Keywords: software development, programming, engineering
Id: WkFHTISvO4Q
Length: 10min 28sec (628 seconds)
Published: Thu Jan 25 2024