Episode 3 Authentication with Microsoft Identity Part 1 of 3 (ASP.NET Core MVC)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] okay so welcome to the third episode in building a website using visual studio 2022 um in this video we're going to look at microsoft identity which is the authentication and authorization area of asp.net core um i've mentioned this asp.net a number of times so what is this.net so a.net is a developer platform made up of tools programming languages and libraries for building many different types of applications so i've built windows applications using.net some of you may have come across things like c sharp this is a programming language also visual basic and there's also f-sharp so these are programming languages used with net there are a number of base libraries that are available for net and editors the editors that you're going to be using is the visual studio editor so an extension of net is asp.net or asp.net and asp is active server pages and these are dynamic pages these are pages that are influenced by the user they are based on processing using back-end information that's done in c-sharp and the web pages are actually written in a version of it's kind of like html but we call it razer and this is what we use to build those pages the libraries and patterns that we use in the background the one that we're going to be using is the model view controller mvc the authentication system is microsoft identity which i'm going to be showing you later on in this video and also there are a number of editor extensions for asp.net but we're not actually going to be using asp.net because asp.net is only available through windows we're going to be using asp.net core and asp.net core is open sourced and also cross-platform cross-platform basically means that it will function on windows mac linux and also mobile devices as well so we can write applications and software using asp.net core on multiple platforms so identity i've mentioned this before so what is it all about so identity is an authentication system and it includes libraries a database and template pages we've got a whole host of template pages to go through um this video so you're going to see all of that the um the terms authentication identifies who you are now what i mean by that is when you log in you've got to put in information that only you should know so it could be a password it could be a pin number you might be using biometrics which is a fingerprint scanner a thumbprint uh retinal scan face detection all those kind of tools so there are a number of ways of authentication so it's identifying you as the user so that when you log into a system the system is satisfied that you are who you say you are now authorization is different authorization basically allows you to do what you need to be able to do so if you were working for an organization and you were working in a warehouse it is fair to assume that you wouldn't need to have access to payroll so your authorization levels would not allow you to use payroll or even to get close to using payroll but all the tools that you would need to do your warehouse tasks should be made available to you and there might be layers of authorization within your warehouse likewise if you're in payroll it might be that you do not need to access the information for the warehouse so you so it kind of works both ways so authorization is about what you can do now one of the things that the software is going to be able to do is log in and register now the registration is it's quite a simple process in microsoft identity and we'll go through that in a moment but to get you started what we do is we need to have an email address a password and password confirmation the password confirmation is simply set up to identify that the user who entered the password entered the correct password that they thought that they entered what you don't want to do is give a user the opportunity to key in a password once go away come back and they've actually left the caps lock on or they press the wrong key and now they can no longer access their information now one of the other things that some people aren't aware of is that when we ask for the email that's actually used in two sections of the database so it's actually used as the email address and also the username so it can be used in both areas and it basically is split if you like into those two fields and then there's the constraints on the password the password has a number of constraints there's a minimum number of characters that you can use there's a maximum number of characters you can use there's a requirement for you to have so many capital letters so many lowercase letters so many numbers and also so many symbols so i'm going to show you how to model that around your requirements so that will be something that i will show you later on it might not be in this video but it may be in a later video when we look at modifying the website to the way that you want it to to work so let's just assume for a moment that you log in so what i'm going to do is i'm just going to use the um the images on the screen so i'm going to log in and i've entered the correct information so what happens is that information gets sent to the database and it gets checked it gets checked via the server to see if the information that you have keyed in matches the information that is on their system and then what happens is it bounces right back once the authorization is granted allowing you to access parts of the website that you would not normally be able to access had you not logged in okay so that's actually quite simple to to wrap your head around i hope now registration as i said to you is quite restrictive at the moment the only thing that it's asking for is an email and a password and what we're going to be able to do in today's lesson is add other information so in this case we're going to add a first name and last name but you could add other information as well you could have a company name you could add telephone number you could have the address if it's a retail company or you're sending information to an address so we've got a number of things that we can add to that registration and i'm going to show you three ways of managing or basically modifying your registration there's going to be the standard version where there's going to be no changes to the installation so we're satisfied that the system with it's just its email and password is enough for us that's it we'll just stick with that option two is gonna be let's add some other fields to the uh to the registration um we've already done the first bit we want to now add that information so this is the second part which is going to be looking at adding that first name and last name the third version we're going to start a new project but we've got a registration plan so we already know what we're going to add so i'm going to show you how to do that so it's going to be three demos in total that we're going to go through and uh let's get started with the first demo okay so this is demo one and we're just going to create a very basic system so i'm going to start with create new project now because we use asp.net core web app before it's straight in there so i'm just going to click on that button and hit next i'm going to give it a name so in this case i'm going to call it demo one and just like before i'll call this double one application okay okay so we're going to be using net six and we are going to be using authentication individual accounts so pretty much what we have before make sure you've got your configure for https selected and hit create now we just wait for the software to do its magic and there you go all done so as i said to you there's not a lot of modification that needs to do with this so straight in there i'm going to hit demo one and get that running and in this few moments we should get a version of a browser come up here we go so with the browser running as you can see we've got demo one over here the first thing i'm going to do is go straight up to register now like i said in the intro the only two items that this system collects is the email and the password and there is a confirm password there so i'm just going to pop in example at example.com as an email address password i'm going to pop that through okay make sure that these two match hit register and if all's good we should end up this screen what this screen is telling you is that there is not a database present at the moment there's nothing for it to store all that information now there's some instructions down here on what you can do but see this little blue button here that says apply migrations what that does is it basically creates that database for you that's schema so hit the migrations applied and then hit refresh once you've refreshed it let's resubmit the form you should end up with this screen this screen is normally used as a developer's tool ordinarily what would happen is an email would be sent to the user and they would then click on a link to confirm their email okay so i'm just going to do that now and it's important that you do click on that link because otherwise this won't work properly so it says thank you for confirming but as you'll see we're not actually logged in yet so i'm just going to hit login and i'm going to put in example at example.com pop in the password i'm going to hit remember me and i hit login and there you go we're straight in there as i said to you this is the username up here and you can see it's saying hello example at example.com so that's all working fine i'm just going to log out and then i'm going to log back in and i'm going to log in as example just to show you that it doesn't work and if i use example at example.com and type in the wrong password login that shouldn't work either so as you can see it is working fine let me just close that for you one moment and i'm just going to quickly show you the database so over here we've got the server so i'm going to hit that i hit this button here to look at the sql server okay and uh let me just drop down see which one we're on here we go so we've got demo one here i know i've got two demo ones but uh this is the uh the one that we're using at the moment so i'm going to go to tables and the tables i want to look at is the users so this is the dbo asp.net users table so i'm going to right click on that go to view data and what that will do is it will show me the table let me just uh move that out the way so we can make it slightly bigger here you go here's the whole table here i don't think i can zoom in though um so as i said to you username is example example.com the normalized version as you can see is it capitalized then we've got email so as i said there's username and email both for the same information in it and we've got the normalized version here the password well the password is not what i typed in as i said to you before in a previous video the password is actually secured from the database administrator so even the database administrator won't know what the user's password is so that's how secure this system is equally as you can see here email was confirmed i clicked on that link okay so that's demo one all done hope you enjoyed that i'm going to move on to demo two [Music] you

Info

Channel: Kernow Coder

Views: 9,435

Rating: undefined out of 5

Keywords: Visual Studio 2022, Visual Studio, Microsoft, Web Design, ASP.NET, Web Development, C#, dotNet, identity, authorisation, authentication, .net, core, ASP.NET Core, MVC, Model, View, Controller

Id: cMjAyGGylCc

Channel Id: undefined

Length: 13min 38sec (818 seconds)

Published: Wed Dec 01 2021