Custom Cookie & Role-Based Authentication in .NET 8 Blazor Web App with Interactive Server Render

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello dear friends and lovely people you're  welcome to net code Hub channel I am Frederick   as you know and I'm happy to have you here  today in this video we are going to look at   how to implement custom quickly authentication  system in net8 web app with interactive server   render mode I have already made a video on how  to implement custom JWT authentication uh with   row and a referesh token support if you have  watch that video check this video description   and you're going to find it in there you can  also support this channel by clicking on the   like button and also subscribing to this channel  if you haven't done that as well you can also   buy me coffee to support this um Channel too now  maybe you'll be asking yourself what is quickie   authentication well if you did ask then I got  you okay I got your back cookie authentication   is a common method used in web development to  manage user authentication session in a Blazer   app which is web framework by Microsoft for  building interactive we applications as you   know cookie authentication is of often employed  to handle user authentication and authorization   checking who the person is and now checking what  the person can do let me give you some general   overview of how C authentication work in Blazer  applications when logs in the server validate   their credentials upon successful authentication  the server generates a unique authentication token   and that is known as the encrypted cookie which  is sent to the users browser now with the cookie   storage the authentication or the token is stored  in the users browser and to precise cookie storage   the browser automatically includes this token in  a subsequent HTTP request to the server now when   it gets to the request authentication what does  it do for each subsequent request that um it made   the server checks for the presence and validity  of the authentication token that is a cookie   if the token is valid then the server consider  the request authenticated and now processes it   accordingly but what of if the token is invalid  then the server May respond with a a code that   the client needs to login again so absolutely  it's going to deny the assess now when it comes   to searing management how does it work the cookie  typically has an expiration time so normally when   you create cookie you have an expired date now if  the user logs out or if the session expired the   server invalidate the cookie and then the user is  required to login again so in the cookie system or   the authentication system you can extend the  live span of a cookie okay inbl server it's   possible to do that so this is how actually  the system works all right so now you have   the overview of it let's put this into an actual  implementation so that it becomes clear to you as   well all right so make sure you have your Visual  Studio launched and we're going to create a new project this is going to be web app the name  here is going to be demo Blazer interactive   server cookie authentication system now if you  want to have the source code you check the video   description and um it will be there waiting for  you trust me okay so let's click on next and here   you know we going to choose the type let's make  it as n because this going to be a customized one   so we didn't not to follow what has been um  created already let's choose the interactive   render mode at server and now per page location  that's interactivity we can leave it per page   or Global any this Okay click on create to get  this project created you make sure the framework   is net 8 because this support the authentication  not authentication the interactivity random mode type so first and first what is the first  thing to do guess what let's install a new   get packages we're going to be using for this  you know we're going to have a connection with   database so which packages are popping in your  mind that is the EF cor SQL server and our tools   isn't it that's fine let's get this package  installed so I click on dependencies and I   go to manag get packages from the browse  session we want to install first for the   identity we need to install microsoft. aset  C identity. EFC so let's install this package the cor that I'm St is 8.0 maybe you may  have higher or yeah I think higher so   all the same so let's install this package  when we are done we're going to install EF core so we need EF core let me clear this e c SQL Server that is this one too  the same version 8.0.1 make   sure the versions actually the same  let's accept this and also the last   one that we need to install here we  need EF c2s to enable us perform DB migration so this one 8.0.1 so when you go to the installed packages  you're going to find all the packages that   we have installed here let's have a look okay so  they are here you can also check from solution   you go to the same dependencies and I visen  packages have you found yours click on this   and we see we have them here right good now  let's build this project to make everything intact you can see that the build is successfully  completed now let's go in there and create our   model right so we're going to create our model and  we need our d2os so what are model what are d2os   model are the same as entities that is database  entities what database they going to use to create   what EF is going to use to create database and the  tables and the columns respectively for us that's   what it needs the model or the entity d2os are  data transfer object to communicate data from a   user that's the end user and the database so it's  in between the middle man right it goes in it goes   out it goes in it goes out as a messenger okay so  we need both for the registration and also for the   login now with this we can create our customized  identity system but for now I want us to use the   built-in by Microsoft soft since we're going to  use a quickie session I think this be better for   us to use it so we're going to use identity  management system now with this identity we   have to create our models and we have to inherit  from Identity us identity row user manager sign   manager and Etc right so that's what you're going  to do here now before we do that let's create a   model first right so let's add a folder to this  and now with this folder let's name this as model now with this model we want to create a  class in here and now this class going to extend   identity um user identity user is a default  class created by the ASP team now it has some   properties such as username telephone number  password and Etc if you want to add an extra   data to collect from the user you can do that  so let's have I'm going to say an application user now with this application user we going to  extend from it's going to inherit from a parent   class known as what guess what that's fine I know  you're saying identity user but I can hear you but   I know you said it right so control period we  need to include this from um the P that we just   installed first one that's identity. EF core why  is it taking long it's still loading suggestions   right okay so let's wait for for the SS to get  loaded that's right we have it now once you have   this we going to now let's have P we're going to  have our string and I'm going to take in name okay   so we need name let me set this as string. empty  maybe you be asking yourself or you be asking me   but I can't hear you but I've seen it okay so  we asking what are the properties that this   identity user contain that I do not conflict it or  duplicate it see if I right click on identity user   and I go to um go to definition let's see what  it has you can see that in here it is inheriting   from this identity user again but when you check  this it t identity user you can see first it has   a property username isn't it now if you want  to find all these properties right click on   this let's go to go to definition again these are  inbuilt so you need not to touch it never touch   it leave it as is it okay before you run into any  error and starts running away you can say t this   username normalize username email normalized email  confirmed email password phone number you can see   so all these are properties that this identity  had so if you want to add any extra you make sure   you Do Not Duplicate anyone in here you pass in a  unique one and name is not added you have username   by name is not actually added that's the reason  why we adding name to this so we're going to have   name email username and password that's only what  we want for our R system if you want to add more   put it here am I making sense that's right now  let's let's see so let's save this we have a model   created now let's create our dto and dto are the  data transfer objects we have to put them in the   folder organization is the key so dto within that  dto let's add our login dto and now register dto   so let's first have our login dto now what are the  properties that we need under login what do you   think what are the ones that you are going to be  using in your login system maybe you want to use   email password yes you want to use these two isn't  it I also want to use a same so let's put them   here we have an email as an attribute that we add  in on top to make it as an attribute to restrict   it in the form of an email we have a password in  here and we need to create our login or register   D2 as well so let's do same D2 add a new class and  I is going to be register dto now this register   dto you know we still going to have this we're  going to need email and password so you know do   know repeat yourself we want to inherit this so we  want to do that this is a login dto yes so go to   this class pick all the members in there and I'll  add it to this virtually is it spiritually okay   so virtually or spiritually for Christians or for  spiritually it but for virtually it is inclusive   physically it is exclusive H that's fine okay so  let's go now Within what are the other property   that we need to add to this maybe since we have  email and password we can add maybe name I think   name isn't it yes so we can add name let me just  make um in here instead of saying email maybe you   can say this your full name so add your full name  so we want to remove this email now this should be   out since it is not an email we have a name in  here and we want to also add password isn't it   good so for this password we want to add confirm  password because you have password set already so   all these are going to be set automatically so we  need not to add this anymore let's cleck that okay   so we have confirm password that's going to be the  name and we have the password in here okay that's   fine we have these two guys in here plus the two  here making four or five this is we have one two   we have two here we can four okay so these are the  properties that we need for registration and for   loging D us they're going to take the data from  the user and I'll bring it to this en model for   you to get to the database and I perform magic  that we want let's save this we can now un close   this peacefully cuz we are done with what we need  let's go to this and we need to also create our   appdb contest and that is actually the data access  layer which going to have access to database pick   a connection getting data in and out here and  there right so let's create our a new folder   to this and I would like to name it as data what  would you like to name yours maybe you can put in   your name but make sure it synchronizes with what  you are doing the contest is the same so let's add   an appdb contest class in here you can give it  a name as well so I'm saying appdb content that   is application database contest class you can  also say DB contest class you can say contest   class can you even put your name. contest class  well it depends on you so app DB contest class I   not to add a class okay because you know it's a  class already all right now this has to inherit   from Identity DB contest you see now with this  aside from this it's not going to inherit from   only this it has this that we can extend as a t  user what a t user here normally we should have   added application not identity user but we need  an application user since we have extended that   class okay so let's include this so this is what  it needs to inherit from then control period we   can generate a Constructor and I'm passing this  appdb contest class in here very very well this   what we need to do okay we don't need to create  any table maybe you're asking yourself okay fine   so we're going to create a table as a user table  right no please don't do that don't do that don't   do that three time do not do that the reason why  I'm saying that is identi be contest class contain   this modus that going to use to create a table  for you so don't add any identity table no let's   see let's say this let's register Connection in  the database or the program CS file we're going   to register Connection in here so maybe before  the build build build right let's do all the   magic in here so first of all there is going to  be a database connection string and you know with   database connection string we have to get this  application DB but we made it as updb contest   so where from this application sorry for that  I don't want to confuse you okay let me clear   that control period we can include this in that  is coming from the data folder right good so we   have a database connection string created but we  don't have the string yet do we Okay we don't so   this what we're going to do quickly we can  just grab this go to the app setting. Json   file and I do that magic in there so from here  we can say that oh see what I've done you see   so here I'm going to say connection string then  the name here is going to be default connection   now with this we're going to say server is going  to be what local so so local for the local datab   local server we have database name here is going  to be demo okay Blazer interactive server DB H   that's fine then you going to say trusted trusted  _ connection set this to true and here you need to   add trust server certificate else going to have an  issue with it TR server certificate set this also   through this all that we need simple change the  name of the DB if you want to can maintain this   change your server name to your server all right  that is it for these two guys they are the same   don't touch it yeah so save this now we are down  here the next thing that we're going to do here is   register this identity um cookie authentication  right that's identity manager so we can do that   first can use build. services. authentication as  we be doing for the JWT you have to also do same   for authentication then options I hit this options  I like to use this one when you compare this which   one is more readable simple is not this one yes so  let's do this and aside from that we need to add   identity manager so default token provider signing  manager Ro manager hi a lot and EF there the entty   Frameworks store right so let's start to do that  in here so builder. services so do add identity   normally I know that here when using the old  version you could pass in your application user   and identity role isn't it but with this Blazer  interactive server do not do that else I'm sure   you're going to have an error you can try that  and see but if you don't want any issue then let's   maintain as this one so instead of Sayid didn't  like just wrong no we want to add core okay let's   add core to this let's specify our application  user so application user and you know this do   you remember this a mod that we created okay now  aside from this we need to okay I can put it on   the same line that mean I like vertical coding  than the horizontal one or oh am I am I deting   you I like the horizontal coding and the vertical  one yes it is more readable to me but well choose   your choice you need to add Entity framework call  so Entity framework call framework store we need   to pass in our appdb contest class you see this  aside from this we need to also add let's add rowes now with this Roots we need to add we  did not create an extension for row right so   let's a default one identity row okay I  like horizontal coding please don't say   anything dot okay then we need to add sign  in so sign in manager and now since we are   trespassing let me put this down here so do  signin manager then we need an application   okay so here usually we supposed to add  application DB contest but here signing   manager is going to do it all for us okay now  aside from that let's add add default token   provider yes let's do this okay so let's save  this let's close this you come back again but   for now let's close it let run it let's bring  the project again then we perform database migration so this is done we go to package manager  console if you're not finding yours please go to   tools or not tools go to views or not views back  to tools we get package manager ah there's a guy   click on this okay so I'm clearing the screen just  like that I haven't started and I'm going to say   add migration and this is able to work because  of the entty framework called. tool package that   we installed if you forget to install this pleas  going to have an error trying to run this so make   sure you have that package installed add migration  and the name here is going to be first and- o   organization is the key and that's an output  where you want to keep it open a folder called   Data create another folder called migrations and  and I'll do your magic in this folder H let's see all right are you there so you can see  that here we have the file created as you   can see abdb um ad migration and these are  all tables from V identity manager okay so   check it up we have aset R aset users I  believe the first time of you saying this   you know it already but if you are new then  these are all tables these are the various   um column names in the table so going the  table name and these are the column names   so all these are from this identity  manager all right now let's update um database so update Dash database yes so this is also  done we can just close this so the next thing to do here is we're going  to create our service you know since you're   not going to expose an API here since a  Blazer interactive server everything is   going to be intact in here so we're going  to create a service which is going to um   have access to our database and start doing  magic in there right for the login on the the   registration as well so I click on this let's  create a service for that so click on folder   and now here this going to be services for  services right click on this let's add a new interface and I'm going to say I account  maybe you can add a service to it but since   I have the folder I don't want to say  I account service again but maybe you   can do that so I account or I account to  be okay for me but I don't know you can   just add it now this ey account we have  to create a response a service response   to return maybe in case you have any  issue so I'm going to create a folder again and now this is going to be um responses now with this I'm going to create a  custom class I'm going to name it as service   response well you can also name the any name that  you feel you want to use it for your service or   your response now this we're to use um a record  we need only a flag and a message in case you   have any error hi get it out for us that is it  so when we come back to the service interface   that we have created you and I have created or  creating we're going to have one we're going to   have a register async and you're going to pass in  a return type of service return service response   we pass the registered dto and we create an  instance as modo we're going to also do same   to the login so you also going to have the login  asnc you pass and login dto and this these are the   payloads right these are going to be retrieve ored  by the system from the user and now when it gets   to the server and I get communicated this going  to be the result the return type you're going to   get from the server and I return to the user so  here is a in here is a out in out in out that's   what it's doing I believe this is clear that's  fine let's create cre you know since we have an   interface we need to create implementation  so we can um bind this together right like   husband and wife okay so now let's create this  and we're going to create you service and you   know this is going to be an implementation not  an interface sorry so this going to be just an   account and now in here what is the next thing  to do you know first we have to inherit it isn't   it I believe this is what you were saying  and that's fine so going to iner from I account yes control period we're going to  implement all the interfaces in here for   now we have how many interfaces two we need  to inject our identity manager NSO our user   manager and rle manager isn't it good so  this what you're going to do let's create   a Constructor in here so CT o r oh c r TR  so CT o r Constructor hit on that and now   here we need to include our user manager  first we create an instance in here so we   need a user manager that is first one we  also need signin manager that is second one we need a r manager that is the fourth one  these are the three serious guy that we need for   this to work and that's a rle manager okay all  right so we have this we going you're going to   right click on any contol period then check  here create and assigned remaining as Fields   not properties go for this one you're going to  have them issued in here you can also use primary   Constructors right but for now you don't want to  do that in the previous video that I have you and   I have done together we use a primary Constructor  so I believe you have the idea but now I want to   maintain this this is the manual way the old way  the traditional way yes I don't want to confuse   you guys for now let's focus on this and later on  you can modify it yourself can't you do it yeah I   trust you okay now aside from that we going to  look at the login or the registration which one   first I think registration must SC before login  how can you log in whil you have not registered   okay so let's jump to then I think we should move  this you register first before you log in that's   the best thing to do okay so for registration you  know here going to be an ASN since we have a task   ASN think that's fine let's first find user by  email the payload that is coming here we want   to find the user first so get user from here okay  passing the login D so here then I think I have to   make it like log D so find the email now if email  is not found what do you want to do what do you   want to do tell the user something right so user  not found or what's okay you know what I'm trying   to implement this in login or it is not login this  is not login this is going to be a registration   right so that's what we want to do before we do  that we want to find the user first right if user   is not equal to now meaning if user exist already  then user already exist because you don't want the   system to have multiple account with same email  oh no user already exists that's fine what user   is not existing we want to populate an instance  of this app application user and now we want   to gather this name username password and on the  email now when you look at the password here you   can see get or set sorted and hash representation  of password for this user so don't think about   having any any property oh is property any  get package to encrypt the password for you   the property here has a get method and as soon as  you retrieve a value here it's going to encrypt it   it's going to have a sort and now hash it so you  w't going to see the raw test you're going to be   encrypted that the reason why I love this identity  so much now I know we having an error here yeah I   know I know you know what to do isn't it aside  from creating this and populating this as a app   user what can you do again we have to create  an account so create it an account you see we   have have it seen so just hit on the top key to  get this account created restore it as a create   user now this could return true or false right  so it could return succeeded or not succeeded so   we need have to check and maybe in case it is not  you can retrieve the error here but you're going   to create a customized error system to handle  this in case it is succeeded we want to do the   following okay but if in case it is not then we  can just start the person hello my friend hello   my dear something occurred so please error so you  could not oh okay oh Fant so error in case it's a   seat user is not created what can we do we want  to create an assign a row to user in my use case   I do say that the first person to Reg the system  automatically is going to be administrator it's   going to be add to the admin Row the subsequent  registrations are going to have a user row that   is my use case what of yours do you like mine  then let's Implement mine okay so we're going   to first find a row manager you're going to find  this row so we're going to check do we have an   admin row created if yes it tells you that admin  row is already created so there's a person who has   been assigned as an admin already so then it's  going to skip if admin row is null it means if   admin row is not created then let's create this  admin row if it is not my friend create it and   after creating the current user at hand please  do assign this user to an admin rule close it   and that is it what of in case it is not so else  if admin is already created then please do check   if we have a user row created so check it for  me what is a response is is the user row you is   the user Row in there is it created yes or no if  it is no then please do create it for me so this   can be in just one line since you have this please  create it for me now when you are done the current   user at hand please do add assign that person  to the user R you see good then what else can   you do after doing all this then creating this or  creating that return this user created success so   let's say user created this is a custom message  you can decide to type in any of yours you want   to add it so you can just return so our system  is created and fixed set and done let's have a   look so I'm going to click on this save this and  let's go to solution I think we have to register   this isn't it so in this um program. CS file  we go there from the V page down here we can   just add builder. services. add scope then with  this scope we need to specify the I account I   account then we say this is an account right good  so this is the implementation and now let's save   this after doing this what is the next thing to do  we can close this program then let's try to let's   go to the component the input and now let's put  them here so I'm going to say at using demo let   me just grab this and Now demo dot we need dto  we also need same but again we're going to have   our pages in here right so pages we're going to  have another we're going to create another one as authentication then here let's inject okay so  we also need one yes thank you for remembering   me you said Services isn't it yes so let's inject  I account then we say account service let's save   that now with this control d a it's already in  there so let's save this let's close it reopen it again we must have it in a Col form  not this okay well we have it created   or it is set maybe we need to  close this now or build this application import it's not working so let's build this I know you say this is not existing before  building yes we have an error so let's create   this add a new folder to this it's going to  authentication don't worry about this folder I'll   tell you what going to do uh now okay so forget  about that let's move on let's build this and   see if it's going to work okay so we still have  an issue here the name type indication does not   exist in this name space but we do have it now we  have just created it or where is it found is not   inside the app yeah it is here authentication and  it is saying we do not have it wow unless maybe I   have to close it and that's how at times this ID  troubles me H okay I have to close and open it   again give me a second oh yeah I'm back so you can  see that it is in here so Authentication and this   authentication and that is authentication where  is it authentication authentication authentication   it is coming from authentication and okay so  maybe for now since there's nothing in contr   K C we can comment this now is working we have it  um in a Col form interface with eight um instance   here created that's fine let's have a look on the  registration so in our service since you are done   creating this we going to create a login so it's  going to come from the component folder then you   see we have pages right so inside this Pages we  want to turn one of this into a register page for   this register page I'm not sure I'm going to take  you through a step by step creating the form just   design any edit form with your the property that  you have stated and that's going to be for if I   go to this register see we have four properties in  here name email password and confirm and password   try to get this data out right and that's what  I'm going to do so in here let me remove the counter or even let me cter be there okay without  forecast also be there but the C is off oh sorry   so let me just have the registration system  in here I have a component created already   so register and that is the route account  and register this is the route okay now you   see from here you have an edit form and I you  see here since you're having a form you want   to statically render this form so we need to  make it in the method of post so you see we are   adding this method because you're going to have  a button clicked and now if you do not provide   interactive server attribute or render mode  on top button clear is not going to work but   you want to also render only this form you don't  want to add any buttons and then so we need not   to add the the the render system all right so we  have to statically render this and if you render   this statically it tells you that this page not  going to be responsive that's a static server   rendering this page not going to be responsive all  buttons when you click hi nothing going to happen   that the reason why we need to include the form  name and also you make a method as post we have   a register D created where it is it if I click on  button submit is going to this method submitting   to this or posting to this method as a register  user we have a class is a form floating registered   EO name and Etc you see we have email we have a  password and confirm password okay now aside from   that when you have a look here you can see that we  have the supply parameter from form and that's the   form maybe my error handling here is not the best  I just want to show you how to displayed an error   you can just format it to to suit your high  level start that you want then in here we're   going for account so here going to be an account  service register async we pass in this okay now   the result that is coming in we're going to check  if it is through then it means account is created   we not to include this navigate to this account  and now login so as soon as you done creating an   account we navigate you to the login else we set  a response here and now the error is going to be   displayed down here very simple one you see so we  creating the service and I consuming the service   inside the Razer component fantastic now this why  you having this error because you have not created   an instance of this nav manager quickly in the  import we can do that so we're going to say inject   nav manager huh nav manager very simple now when  you check it again you save this and I want to   check this this must be solved we're going to do  same to the login so I'm still not going to create   a login for you design it yourself login page I'm  going to have the log in here that's my login now   you sa account and login then please login is  it have you seen that so let me add a place   cuz this page must be respectful it should respect  everybody so please login now from here who I like   this this login now you can see we have the email  and I have the password that is it you have the   button as login you see login and in here we have  the same error that is what we want to display we   call this apply perameter from form and now when  this clicked you want to call this account service rather login pass the model and now the same if  this is okay then return to this for now we're   not having any page you're using this homepage  so if it is what you want please notate to the   page reload the page and then that is it to  get this account created and everything set   okay so that's the r system let me close  this open it again so I'm going to have   the colored one not the black and white as  you are saying yes it's intact that's fine   so our this are loging but we have not  implemented a login yet so we're going   to have a look on the registration system  let's run this application and I'll check it out so the app is launched but you're not having  the login or log out you're not having a login   or register in here isn't because we have not  added them to the nav manager or the nav menu   so we have to manually add yourself accounts  and register do you remember have you gotten   your form oh okay that's fine now let's add  a name so I'm going to say this is net code   Hub right then email is going to be an admin SL  admin.com password let me say there an admin at   23 that's a nice password admin at 1 23 if  I click on register let's see what happens   well we wait to see if this going to work or  not okay so it is still running oh that's fine   it worked you can see it has navigated to  the login page let's create another one so   we to go back in here the same register  instead of this I'm going to say user at user and now this is going to be next SC up  version two what do you think yes version two   then I'm going to say here user at 123 user at  one23 click on this register yeah that's fine   now let's prove it close this SQL Server object  Explorer if you're not having yours please go to   views going to search it in there we do you  remember the name of our database demo SQL   demo dbis identity Etc all right so from the  database we have to get it here demo long one   which is demo Blazer isv yeah that's F this one  so click on the tables and in here let's check   the the registration let's also check for the  rules assigned so from the registration check   it from the identity user as net users we have  to have two people yes you see we have them   here these are the various IDs we have them set  now see these are the names that we St we added   username and Etc right now have you seen the  password it has been encrypted already Yes and   with this the next thing we're going to do here  is let's check the the rules how many rules have   the system created so far huh two rules admin  and a user now let's see which person is having   the admin which person having the user the id  id one is going to be the first to register   right that's the the admin at admin that's an  esod up so let's see let's add me one for the   admin it is what D5 that is a row ID D5 row ID  D5 for admin go for this ASP net user rowes so   you have D5 as an admin check it out so row ID  Ru ID is D5 that is this one now user ID is this   let's find the user ID user ID is one two let's  go to the users now let's find one two one two   is who one two next code H have you seen as an  admin so defaultly admin has been assigned to   this person that's the first register the second  person was assigned Row the user row and now the   subsequent ones will be assigned as a user row  as soon as admin row is created it seals it no   one can enter only the admin that's fine that's  my use case what of yours try to implement your   own magic and I believe you can do it okay so  there is working and the next thing I'm going   to do here is let's work on the signing so if I  click on this login nothing happens here oh not   implemented exception oh that's fine we know thank  you for showing us but we know this so let's close   this and and let's go to the account service  let's implement the sign in in here let's clear this so I believe you know the first thing to do  right it's not about making as async if you're   able to do this it means you know what you're  doing aside from that you know we have to get   user so from this login dto let's get the user  check if user is not found then tell the US not   found very simple if the user is found then we  want to get the user row now we have only one   row created right and that is the either an admin  or user so we get the first or default is going to   get us the first row if you have multiple rows  then you can get all the rows and now send it   okay because this method rains a list of claims  or list of identity row okay now in here we need   to populate or we need to gather our claims that  we want to set so so let's have it set here our   claims now this claim we need to include identity  do claims yes let's see oh we are not having this   yeah it is even solved so claims equal to new list  of claim we have three claims here that you want   name email and row we get a row from this and now  we populate it and that is all after doing this   there are many ways of signing in we first want  to check password sign in if it makes assets then   we want to sign in with claims so password sign  in pass in the the email or the email the user   as well as you can see found here passing this  and this is lock out no this the first time so   we don't want to passing us through this false  defaultly and aside from that we want to check   if it is success but in case it is not then must  I please start this user something H error C you   can just extract the claims or extract the error  and now P it to the client all right but it is not   advisable to P this error to the client because  if it's a sensitive data then you are doomed so   try to customize your errors you can put this  error to your send it to or handle this using   serial log or send it to your email but for the  client customize it beautifully package it and   then give it to him he would love it okay aside  from that then we going to sign in now this guy   here is going to create a token and assign it to  the the contest and now return this as success so   signing with claims passing at the the user this  is going to be um here how many days you want to   keep this for want remember me right here maybe  later on we have a video covered on this how to   use this well but for now let's forget about this  you want to pass in our claims three claims in   here we pass in here and that is all log in is  done you it is very simple isn't it I know you   love it I love it as well okay so now we have  this it tells you that a system is not going to   work what do you think okay let's give it a try  when you run this let's see right click on this   let's go to the inspect you go to the application  and I in here from the cookie session you click   on this for now we have this anti fory token by  the ESP defaultly created now let's go to the account so we're going for an account slash login  let's pass in the user click on um login and now   let's see what will happen here so you can  see that here we found we have the the token   created have you seen this our token we are  signed in and now you see it has been created   here isn't it so we are signing this our token  okay now this is working perfectly but the next   question is how do you authenticate the user we  have the r set up here remember that we specify   some claims which has a row as well how do you  do it that is what I know you are interested in   okay so here I know you are into the code the  actual code as well for the design I think uh   you can do something on your own isn't it now  when you go to this nav menu I want us to have   remove add maybe the login log out buttons in  there so where can we find this we can find   this from the login um layout na menu we can  have this here so all this that we have maybe I can I can just copy this and I'll change the names  but I don't want to do that you can also have time   and do it I'm going to clear all this here and  I'm going to just grab this it is the same watch   what I am doing we are having the same thing  here I change the name to cookie art and it's   the same as you can see you have home counter  weather now this what we having an authorized   view you see it and we using this now with this  authorized view check what is happening we have   this is for only admin who can see this status  here tells you that if I on status is going to   go to this component art and it going to tell  you what whether you authenticated or not if I   click on log out that is where we want to handle  the logout Now log out here we cannot use signing   manager. sign out no this has to be in an HTTP  contest now when you use an HTTP contest accessor   to we can just read the user info we cannot made  any modification HTTP Contex accessor gets you in   a read form only read you cannot edit it if you  can read you'll know the user is authenticated   how about if you want to log out there it's not  possible in using that so in this we can create   a form where whereby going to bind or going  to create our Minima API only method I hate   Minima apis a lot but for this we need to create  a minimal API to handle this if you have a look   on the original copy and that is when you use the  when you choose the individual account it is the   same procedure so if you have if you know have an  idea of implementing that then that's very simple   you can just skip this and move forward okay and  you know since we're going to do that we need to   use an H this is a PHP right you can see this is  done in PHP so we have a form an action pointing   to the location of an endpoint account is going to  be the the endpoint name loger is going to be the   route we have the method as post it's a PHP form  then we have our button so we are posting a void   we posting just a message empty one in there but  soon as we post through the posting we can have   the context whereby the contest is going to be  open for modification then we can sign the user   out H sounds weird right confusing or complicated  all right so this is what I know for now now let's   continue on now from here to you have a register  and this is just a referring to the register   component okay accountregister no matter how it  is upper case lower case is still going to work   huh this is going to work okay okay now we have  our login which pointing to the login okay and   now if you're not authorized you cannot see this  if I save this run this let's see what going to happen oh yes I knew you you're  going to have this did you also   know we need to use this cascading  authentication State provider and   we can put that when you go to the  what is it route let's specify this cascading authentication States you see so we can remove all this let's cut this one open and close  here so control K Control Plus period   you're going to have this all right then  in here let's make this an authorize route view so in here we can have a lot  not authorized you can also have   authorized you also have authorizing  so when authorizing then we can just   display something like please do  wait for us let's make it as an h two okay okay now let's check it out oh okay so you can see now it is working  and you can see we have our home we have this   um counter we have status we have log out  right if I click on this log out nothing   is going to happen it's going to make a post  but it is pushing to this end point and now   this is a route but there's no Endo created  here so logout is not working status error   because we have no created any component  for that what you want to talk about here   is let's try to log in so we are not having  login in here have you seen you're not have   loging let's find the reason why we are  not having that when you go to this now menu that is this one register and that is if  you are not authorized you have to see register   and a login if you are authorized then see this we  have a this also as an authorized only by weather   that's by admin we have our row also created  okay this what we are having now let's save this let's build this again so we still have this  do you know reason why right click on this go   to inspect element now check for application and  check for the token you can see that you have it   in here so we authenticated that's why we have  this so let's delete this one now refresh and   see oh yeah we have it right login and register  status so if I C on this status nothing happens   404 it's not created yet I on register we go to  the register log in and now we are in there now   we can log in and we can register at all time now  if I click on this let's change this to admin so   we said only admin can see whether forecast now it  is logging in let's wait and see it's going to be   registered in here to be created for the cookie  token and also aside from logging in we going to   we have the weather right so it means as soon as  we sign in with claims our token our system is   working with rules now if I click on weather you  can see that we have it in here here now token has   been registered you see as as I sign out and sign  in as that person and that's going to be the user   that's going to be hidden so we are doing hide  and seek using this authentication system okay now   let's work on this logout so and also the status  so let's see what to do let's go in and create one component and I maybe this component  we can just name this component as Au   authorization or detail Etc right so maybe  in the pages let's have this component as OD or maybe we can just close this so maybe let's say this is details uh status so status is in here and now it needs an  authorized view so if you are authorized   then want to display the name and I'll say  you're authenticated that's what you want   to do okay but in case you are not you  authenticated and now this placees what   for authorized so this opens only when  you are authorized you can see this okay   we save this and it's coming from this  a Also let's have a look if I click on   the next one maybe um the log out what's going  to happen let's run this quickly and I'll see first so we have it in here now if I click on  status you will see I'm authenticated so it tells   you that I am hello you're authenticated you're  admin now right click on this inspect element   go to application and I go to to application  cookie clear this reload this and now if I I'm   loging right so if I click on this home then if  I click on status please login you see that so   as soon as you click on status it gets you to  this place do login register it can register   this and now let's see so login let's log in  using this user click on login and now check it out so status you are user but see we can't  see the role there because you're not assigned   to view the weather okay what of the logout so we  don't want to be right clicking and go to inspect   and be clearing the cookie all the time no we  don't want a user to do that Des even not have   an idea of having this right so how can we have  a system to clear this as I said earlier on we   cannot use sign out. sign out signing manager.  sign out let's try that and see if I click on   here if you go to the service maybe that's what  is coming to your mind now this signing manager   you can see it has the sign out it has a sign  out right let's WR that and see and now we're   going to know what I'm talking about so maybe  you can do it to yourself okay I'm not going   to do that because you want to check want to to  follow our time don't want to waste a lot of time   in here so let's create this endpoint to have  access to this Minima API then we can post this   in there and when returning we can return to the  homepage and I'll clear the context that is the cookie so let's go to the solution now  the uh authentication folder that we   created let's add a new class to this now  let's name this as identity component end point identity components end points well you  can just put like this or you can say sign out   end point okay because here you want to make  it as only sign out so let's say this is sign out and points so this is going to be the class let's  click on to get this class created then in here   we need a public static I end point conversion  Builder have you seen this this one then let's   give it a name so map sign up not sign up  sign out endpoint then in here we specify   this we are referring to the this this I end  point identity a conversion Builder but it's   not conversion because since we going to have this  route we need this route Builder let's say this N Point okay so we're going to have only  one end point so let's make that only   end point when you have multiple on then  you can say end point maybe arguments true   through now exception in case this  is through if null then this end point and points okay aside  from that this should be this   should not be public this should  be internal sorry for that and you   know each instance must be created  once so let's make a static Statics static yes okay so it's a static class and  if it is not null then you want to say that   there's an account group so this account group  is equal to this endpoint you see endpoint do   map group now this map group what is the name  so going to be the controller name we're going   to say slash account okay this is a mini Mar API  so in that let's have the account group so since   you have the map group name created it's like  an account dot right dot then map post so it's   a post request remember that the logout form or  the logout form that you created is an PHP and it   is the action is what the method is post and it  is posting to action SL logout take note so the   name here the action the not the action account  SL loger the account is a m group name and now   the logger is a route okay so if you change that  you might also get this change so they can send   together I believe this clear you've understood  it isn't it now in here we're going to say slash   logout then what are the payloads async we need  claims principal the claim principal contains   identity as soon as you sign in identity  has been added to a claim principal and in here let's create it at user okay aside from  this we also need sign in manager sign in manager let's see it's com from Identity  then we have to use an application user   that is the extended class of this identity  user cont period you have to also use this   okay then we have to create an instance of  this we're going to say sign in manager not   man manager manager all right then what  else can we do again we can after this   two is okay so we have the signing manager  with instance created and now in that let's   open this I think there's an eror here  that's why let's have a look we have our logout oh okay so we need to remove one of  these and we have to point it to this then   once you open it no we have to close it terminate  it yes so this what we need to do okay so in here   we're going to say and await so here in the  context we can just sign out so we're going   to say sign in manager DOT sign out okay  then what I return let's return the typed results dot let's local redirect you want  to redirect to where for me home is okay as   soon as you sign out go back to the homepage  then going to say return account group now   with this class that we have created let's  save it let's copy this sign out we're not   going to use this class we're going to use  the method in here as map sign out endpoint   so let's copy this go to program. CS file  then say app. map endpoint then save this   this is coming from control period it is coming  from this so include the reference and that is it okay so let's see let's try to um  refresh this and then let's check it out now we go to log outs so we are sign in  click on status you authenticated if I click   on log out let's see you can see we are out  you see that now let's go to um inspect go   to application then check here from this you  don't have it right let's log in so log in in here let's wait we are in check  our status oh you authenticated right have you seen this log out H it is off  let's also check is the ruw can in of making   an admin and have a look here whether for cast  we have it right when you go to network tab   clear all this counter okay counter is not  created so I believe you can do it yourself   right it's not important here so status then  counter so this is weather we have this is the   the ESP net call antiy token but we not going  to see AI in here because is been sted and now   the HP content going to send it so it's going to  retrieve by the server and I'm going to calculate   it it calculate yes if it's valid or not and  based on the signing manager with the claims   to we can have access to our rows as stated so in  the same folder that we created as authentication   do you remember we have this endpoint mapped in  there that's a sign out endpoint we're going to   also create our new class in here and now this  class is it going to be any class interface   class interface what do you think yeah it's  a class right all right so let's make this as identity um identity revalidate  because you know it's going to   validate all the time so revalidation  revalidating ah I need dating aate provider aate stands for what H yeah that's fine  that's correct let's continue authentication so   let's create this class and now this class it  has to inherit from the parent class and what   is a parent class that's a revalidating  server authentication State provider so here we are going to inherit it like this okay  now in this there's an abstract class that we   need to implement and that is which one ah time  span and validate authentication state async so   this class here is going to tell you what time  or how many minutes or how many seconds do you   want to record this and check if the token is  valid H 10 minutes 1 hour 10 days oh it's bad   make sure it is in the seconds okay do check it  in seconds not in days not in hours else you're   talking aies days that can still have say to  the system but for check seconds 1 second it   does check 2 seconds it does check 30 seconds or  maybe 10 seconds it do check 20 30 40 50 and Etc   all right so in that let's see what we can do  from this let's create a Constructor for this   so I'm going to say here you going to see T  then we're going to inject I loger factory   we can maybe inject this to log out what is it  to log out to log okay we need I service scope   as well so when you also take the original copy  from using this identity manager or using this   individual account you're going to see same  all right it is where all the resources are   coming from so you can just go in there and  check it out if you don't want to check this   then we have eye options and identity options  so once you have this you know what to do we   need to create an assigned field so you can also  use primary Constructor but for now no confusion   no complications you want to create an assigned  remaining field in here okay so now with all this   that we have this we can pass and revalidating  auate provider and let's see if we can specify   this as a base and that's a logger Factory is  it going to work in here or we need to pass it on let's see it's an [Music] option that the reason why this primary  Constructor comes in to make this very   simple Okay so I prefer we use this primary  Constructor for now so let's use a primary   Constructor very single a single line can  also handle everything so I'm going to cut all this okay and it is the same so once you have this  our class that we created was oh the class is off   identity manager validation State let me just go  back and okay so this is a class isn't it so this   class that we have we are going to just instead  of this we're going to place it in here yes so   this what we want now with this identity this  has to be you know for primary Constructor we   do have to inject it in the the class okay okay  then aside from this I can put this on the line   like this this why I I I want the the horizontal  coding I love it so much then you pass the ler   Factory in here so you see primary constractor it  is working by secondary constractor using primary   Constructor it is working by secondary Constructor  it is not that is where you have your Constructor   created and you have all this injected it is not H  my mouse is dancing okay so we have it set in here   now the next thing that we're going to do here is  very simple as well we need to have a time span   so how many seconds you want to be reating this  maybe you can use time stamp from then pass in   the second for now maybe 10 or 20 seconds will be  okay divide it all the time maybe 20 will be okay   aside from it we have this class created now what  can we do in here to validate this aate um async   we have this authentication state which gets the  current user info and I return it see as a payload   so what can we do we can get the user manager from  the new scope to ensure it fetches fresh data all   right so getting the fresh data means that it's  going to have the whole content again then we we   can now do it so first of all we're going to  create a scope then we're going to validate   the security stamp from this now with this that  we using remember that we need to use the user   manager so the user manager contains the current  scope the current user info and we can do that   which has which extends from this identity user AS  application user so get required service from this   the current user with it infos information okay  this must be an asent task then we're going to   return validate security stamp so the security St  going to tell is a token asire you know when you   create if I check this check here you can see  we have security stamp have you seen security   stamp that is it and now this is in the time that  has been encrypted it tells you the time that the   security ah the time that talking going to expire  yeah okay so we're going to get the SC start from   this session then we can now check so from this  let's go to the same class so we have to create   this method down here then see what this method is  going to do I can just grab this very simple one   from the original source and here no need to waste  time since we have it already already created huh   why should you have to waste time on that no  it is not nice to do it so I'm going to paste   this in here and that's a valid security stamp  async you see this is a payload as what the user   manager we have the claim principle which tells  you the current user info all the rules that we   have so we get user async from this user manager  using this principal then if it is now we're going   to return Force but in case and else if it is is  not support user security stamp going to return   through then the principal stamp here we get the  principal stamp and that's what I shown you and   I get the required secur stamp as from the user  and I return principal stamp equal to this user   stamp so this system is going to actually check  if the stamp for the date for the expiration   token or the Quicky is actually due if not yeah  we can still move on with this this system that   we have created or it has been created what can  can you do here I did no modification it is just   from the aset team who did this so credit goes to  them I did not do anything here please so just go   to the identity man individual account and you  can even grab them in here what i is just rename   this put it in simple way okay now this is also  an internal sealed class so there an internal   sealed class okay so we have this set let's go to  the same program.cs file and we go to include it   here so you know that here when you create your  system let me create all the spaces when you   create your system in here that is when using the  jwg token you create an custom aate provider you   have to create a DI between the authentication  State providers original one and the fake one   that you have created or the customized one  that you have created likewise you have to do   the same here allate provider then we have to  link it to a cre di between the custom that we   created as identi validating State provider okay  so we can just put it here and and this going to   make a check all the time so we a build. services  not the host do Services dot ad scop then in here   you're going to say this US state provider do  you have it have you found yours authentication authentication States provider okay then what  else are we binding this uh identity identity   I cannot find mine yes State provider and  I we close it up okay okay so this is all   that we need to do now I think everything is  solved we can close this so right click on this let's close all tabs save this stop this  let's build this project let's make some clean up let's build okay so what you've done so far  you may not able to see any difference because   the token has not expired yet the time is not  du in default ASP identity team made it to 14   days so when you create when assign cookie it  is for 14 days it expires so user has to log   in after 14 days so you can wait for 14 days  then you try it again and then see that it's   going to work okay so while this has built  seeded let's run this and I'll check it it up so since you have an account already you can  see we have a store so we automatically picked   up and we are in already let's log out and now  let's check it out from here the expiring dates   you are not going to see it what you going see  here it is a session written in there by for   14 days you see expir date here you can see  is a session you cannot see this it is for 14   days so let's try to log in here now see so  log in passing this admin and I'll check it out you can see we have a session and you can not   see this but it is 14 days that  is for default by the ESP net Team all right so that is it um for  this video I believe you guys love   it and I also love it as well yes thank you  so much for watching I the next video we're   going to talk about different all  together and trust me you're going   to love it as well till then to give  yourself and I'll catch you next time
Info
Channel: Netcode-Hub
Views: 4,605
Rating: undefined out of 5
Keywords: employee, management, system, building, database, models, web assembly, .net 8, blazor, web, api, .NET 8, Blazor WebAssembly, API, Database Models, Employee Management System., Employee Management System, Develop, Design, jwt, authentication, role-base, authorization, custom auth, Blazor, WebAssembly, user, login, logout, relationships, implementation, controller, generic controller, complete, combine, cookie authentication, role-based authorization, roles, cookie, .net blazor, interactive server, proptection
Id: ZQKTOYfGGf4
Channel Id: undefined
Length: 80min 59sec (4859 seconds)
Published: Mon Jan 22 2024
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.