Implement JWT and Policy Based Authorization with Custom Requirement in .NET 8 Web API With Identity


Captions
Hello friends and everyone, welcome back to the Netcode-Hub channel. My name is Frederick and I'm happy to have you here today. In this video we are going to talk about how to apply a custom requirement to our policy-based authorization in a .NET 8 Web API. I have already made a video on how to implement policy-based authorization, a basic one, in a Web API, and the video link is in the description, so if you haven't checked that one out, please check the video description; it is over there. This video is going to be the continuation of the previous one. We've built our authentication system already, so we are going to implement the custom requirement on the policy authorization that we started in the previous video. I will also combine these two videos to make it one for you, so you can also check the video description and you have the link in there if you haven't watched the previous one. The source code of this project will be available, so check the video description if you want to grab it and review it.

Let's quickly go through what we did in the last video so we can continue. You can see that we have endpoints in here: a user can now create an account, can log in, and within the list, single and home endpoints, the home one is for all users, whether you are an administrator, a manager or a user, because we have a default or general policy for them, and the policy combines all the three roles that we have. Single is for only administrator and manager; list is for administrator and manager as well. So you can see that a user can access only this home page and also the single page, but a user cannot have access to the list page. The same thing applies to the manager: he cannot have access to the single page, but he can have access to list and then home. We are able to do that based on the policies that we defined in here. So you can see that we have a policy added, manager-admin-user, and anybody who has this, or any component which has this policy implemented: if you want to get access to that component you must first be authorized; aside from that you must have a role, any of these roles, you must have one. The same thing applies to this admin-manager and our admin-user. Okay, this is what we did.

So in this one we are going to implement our custom requirement. Now within this, you know this is on a Web API, so definitely we're going to generate a token, so when generating the token we make sure we add the claims of the user, and here we add the roles as well. So the role is a claim that we add to form the token, and now when it gets to the client we can consume it and use these claims in showing and hiding components; maybe we're going to talk about that one later on, but for now let's focus on how to create the custom requirement.

Now we see from our endpoints that we have in here that a user can have access to this single or home page. But let's say for this home page that we have in here, we want to make sure anybody or any user who is going to have access to this home page should be greater than or equal to 18 years. That is a requirement: a person who must have access to it in the form of a user, not talking about manager, not talking about admin, talking about the user who's going to access this content, should be greater than or equal to 18. So if you are less than that, then we are not going to allow you to access this endpoint. So in such a case, what we are going to do is: the user must first be authenticated; second, the user must be in a user role; and then the user's age must surpass 18 or be equal to 18. That is where we need this.

All right, so let's have a look at how to create this. First of all, when you check our solution, we created a Web API project with minimal API endpoints, so you can see that when we check our DbContext we are using Identity straightforwardly here. Now let me check the properties this class has: it does not have date of birth. So we need to create an extended class and we need to extend this IdentityUser so we can add a property of our choice. Maybe I can decide to add date of birth, but you can decide to add name, date of birth, etc. Okay, so let's do that. I'm going to create a class in this Data folder and this is going to be AppUser. So this AppUser class is going to inherit from IdentityUser, and after it gets inherited we're going to add one property, and this is going to be a DateTime, and I'm going to say this is DateOfBirth. So I'm adding one property for now. Let's save this. We have to copy this, we go to our solution, then in our DbContext class, instead of this IdentityUser, no no no, we are going to use this AppUser. We go to our Program.cs, and that's where we have our endpoints specified, so instead of injecting IdentityUser, hey, do the right thing, we specify this AppUser. Okay, so we have this, we are done.

Now here, when it comes to this side, you can see we are creating an instance of this new user. So this means that where we have our models, you know, we are not having any model here, we receive them as parameters from the endpoint, and now when we receive them we are going to create a new IdentityUser. So here this won't be IdentityUser, it's rather going to be AppUser. Okay, so you create a new AppUser, then here we can specify date of birth, and you know when you do this it means we have to add date of birth. Okay, so in order to make this nice-looking, why don't we put this in a component, a component in a class? Yes, let's actually do that. So I'm going to create a class in here, or maybe I can add a folder to this and I'll name this Models. Now with this I'm going to add a class in here, and this class is going to be, let's say, RegisterModel. So in this, this can be a record, so maybe here we're going to need string Email, we need string Password, or let's have Role first, string Password, or let's use date of birth, so DateTime, and that is DateOfBirth, and then we have string Password. Okay, so these are the properties we need in this RegisterModel.

Now let's grab this model, let's go to our Program, then we can clear all of this from here and create an instance of this model. We need to include a reference to this. Likewise you can do the same for the login. Now with this model, instead of using this, we're going to say model.Email, model.Password, then the same model.Email again for the username, or for this actual email, and our date of birth, model.DateOfBirth. So you know we have this. Now with this we need to check this model.Email, so we can grab this here; now model.Password, we need this one, you see. And now here, this is what we're going to do: since we have the properties in here already set, we can use model.Email for this one, then model.Role, so we have a role here, and we need to add one more, so duplicate this, and now here we can have a claim type of date of birth, so we can implement the date of birth here. So we have our claims created, and that is all. Since this is a date we need to convert this to a string; since the type of this claim is string we need to convert this to string. Okay, so Ctrl+K, D, we can save this peacefully with no issue. Okay, so that's all that we need to do. And now when it gets to this, we are getting the claims of the user; what is the issue here? "Cannot convert from IdentityUser to..." yes, so it means AppUser. AppUser, that's right, I think, and here IdentityUser should have been AppUser instead. Yes, and that is all. Okay, now the next thing that we're going to do here is apply a migration, so I'm going to delete the old one that we did, then let's build this project. Once it succeeded, let's go in, then apply the migration. Once it's done we need to update the database. Yes, and it is done now.

So what we're going to do here next is to create our custom requirement. So in this case I'm going to add a folder in here. Now a custom requirement comprises two classes that we need to create: one is for the requirement and one is for the handler. The handler is going to implement it, so it's like using CQRS: we have a handler, we have a requirement class and we have an implementation class, that is a handler. Okay, so let's see, this is CustomRequirement. So let's create our requirement. So we create a class and I will say MinimumAgeRequirement, and now with this MinimumAgeRequirement all that you need to do here is to inherit from IAuthorizationRequirement, and we need to specify the property. So we need only the year? You want to find the year, so how old, maybe the age, and I think that the best thing is to use age instead, not year. Yes, it escaped me; I used the same in the previous ones. Okay, so let's say this is Age. Okay, now we have Age and it's inheriting from this; that's all that we need to do. We need to specify our parameter and that is it. Okay, so now we are done with this.

We need to create our handler; the handler is going to implement this. So let's go to the same solution, let's right-click on this, then add a new class, and it's going to be MinimumAgeHandler. So first thing, this has to inherit from AuthorizationHandler, and in that you're going to implement the class; we are passing the MinimumAgeRequirement class that we created. So first of all what we're going to do here is we're going to check if the user is authenticated, or if it is not, return, because before we implement we check for this; we make sure the user is authenticated. Aside from that, we want to check: does the user have a claim known as date of birth? If he doesn't, then return; we want to skip that. So let's say here he does have it; then what we're going to do here is we want to get the claim type of date of birth's value, we parse it to a DateTime since it's in string format, then we want to check the age (so let me use age instead): is the age greater than or equal to 18? If so, then we want to set context.Succeed and we pass in the requirement, then at the end of the day it's going to return. So if the user's age is less than that, it's going to return; it's going to execute this, and in this case it's going to be unauthorized. Okay, it means maybe a green light when this method or this line of code gets executed; else it's going to be a red light, yes, unauthorized. Okay, so that is all that we need to do in here. Let's save our work.

What you do again is you go to our Program.cs file, and for the handler that we created we have to register this handler. So how do we do it? Go to the Program.cs file, and now where we have our registrations, before the build, let's register our handler in here: builder.Services.Add..., IAuthorizationHandler is an interface, we specify our created handler in there. Okay, so the next thing to do here is to implement this requirement, and in order to do that you want to assign, or you want to check, or apply this requirement to only the user, okay, user and admin. So all content that admin can access, that user can access, the user's age must be greater than 18, greater than or equal to, let me make this point clear. So we say policy.Requirements.Add, we create a new instance of the requirement class that we created, we pass in our age, so this is 18, 18 years, and that is what you want the user to get up to before he can get access with this. And now when you have a look at our endpoints, you know we have this: from the GET we have the home route and our admin-manager-user, so before a user can have access to this, the user must be greater than or equal to 18. The same thing applies to single; you can see from here it is admin-user, so the user must be 18 or more before he can get access to these two endpoints.

Now let's run this application. We're going to create users, and I'm going to sign in and check it out. So the app is ready, let me increase the size in here. Okay, but before we do this we have to go to our section; let's go to our requirement handler, and now in here we want to check here, so we can put a breakpoint on this, maybe where we have the user in here, so we can put a breakpoint in here and check it out, or yes, maybe here we can check it. So let's put a breakpoint on this, and here too we can do the same. Okay, so let's go in there and create an account. So we're going to create users, so let's try this out, and for email this is admin@admin.com, the role is admin, and now date of birth we have it already, so let's maintain the default one and I'm going to say 1978; the password is admin@123. Let's click on create to create this user. So it's created. Now let's add the manager, and the role is manager as well; now date of birth, let's say this is 1999. So it's also created. Now let's create the user; now for the user we said this is 2020, so that the age will be less than 18. So let's execute this; also created. So now we are going to log in. Let's log in to this; first let's check our admin@admin.com, now the password here is admin@123. Let's log in; we have our token. Let's grab the token, and in here we authorize it. So let's authorize it, close it.

Now let's go to the first endpoint, list; the user must have access to the list here, so we have admin and manager only can have access; that's fine, this is working. Now we need to check for single, so you can see here our breakpoint is hit. If I click on Continue, now we want to check the age; you can see the age is 46.46, so it means that it's going to execute this. Click on Continue and now it's been executed, so it tells you that the user can have access to this endpoint, so admin and user only, okay. Now the last one is the general one, so everyone can have access to this, yes. Let's check for the manager as well, so let's go to login, and now with this we're going to make it manager; let's log in, grab the manager token, then authorize; let's log out, log in again, and let's check this out. So for list, the manager still has access; single, execute, we check it, now what is the age in here? It is 25, good, so now this also returns success. And now, okay, so this returns what, 403, because although the age is greater, when we check our program this is the admin-manager policy, right? So admin and manager policy, and now when we have a look at our endpoint, this endpoint that we have, single, is for the admin-user policy, so the manager does not have access to this. So when it runs this requirement, this requirement is going to pass; which requirement? The admin-user policy's requirements. Okay, this requirement is going to be passed because the user is authenticated, and now the role here is what, admin-manager, that's fine, that is when it is the admin-manager policy. When it gets to the admin-user policy, the role must be in any of them; the manager must have one of the roles, but the manager's role is not found here. Although the manager shows a green light for this because the age is 25, this is passed, this also passed, but when you get to this one it did not pass. Yeah, so that is why we have 403 Forbidden, so the manager cannot have access to that endpoint.

Okay, now let's go in and check for the next one, the home, the general one, so he must have access to it, yes. Let's sign this out and now sign in the user; that is what we are most concentrated on. So we're going to log in, then let's... this is user; execute this, let's grab the user token again, let's log out and then log in again. So now we are logged in as the user. Let's go to the list, execute this: we don't have access because that policy is admin and manager only. We go to single, click on execute, the breakpoint is hit, click on Continue, the age is four, so let's see, is it going to execute this? Continue; no, it didn't. And let's see, so here we have 403 Forbidden. So when you check our policy that we created, the definition for that policy, you can see that here, that is this one, the admin-user policy: admin is authenticated, that's fine; not the admin, the user is authenticated, that's fine; the user is in one of these roles, the user role, that's fine; when it gets to the last one, does the user have an age greater than or equal to 18? And that is no, so in this case it won't proceed. All of these must get satisfied before this policy can be utilized or can show a green light to the person, so if any of these gets a red light it tells you that no, this is not going to work, and that's the same thing that we experienced in here. So you can see that our custom requirement is working and we've been able to achieve what we wanted. Yes, so that is it for this video. I think you've learned something, isn't it? Yes. All right, so thank you so much for watching this video, and hopefully I'm going to catch up again in the next one, and till then take
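The requirement, handler and Program.cs registration described in the captions above, written out as an added example; this is not the video's source code and does not come from the channel's repository. The class names, the claim type "DateOfBirth", the policy name "AdminUserPolicy", the role names and the helper `AddAgeGatedPolicies` are assumptions made for this example. It goes slightly beyond what the video does in two places a practitioner would want: the date-of-birth claim is emitted and parsed with one explicit invariant format, so the check does not depend on the server's current culture, and the age is computed in whole completed years rather than as a year difference.

```csharp
// Added example (not the video's code). Assumed names: "DateOfBirth" claim type,
// MinimumAgeRequirement, MinimumAgeHandler, "AdminUserPolicy", roles "Admin"/"User".
using System;
using System.Globalization;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Requirement: a data-only class. The handler below decides whether it is met.
public sealed class MinimumAgeRequirement : IAuthorizationRequirement
{
    public MinimumAgeRequirement(int minimumAge) => MinimumAge = minimumAge;
    public int MinimumAge { get; }
}

public sealed class MinimumAgeHandler : AuthorizationHandler<MinimumAgeRequirement>
{
    // Claim type the token issuer puts into the JWT (assumed name for this example).
    public const string DateOfBirthClaim = "DateOfBirth";
    private const string DateFormat = "yyyy-MM-dd";

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, MinimumAgeRequirement requirement)
    {
        // Not authenticated: leave the requirement unmet and return. Do not call
        // context.Fail() here; RequireAuthenticatedUser() in the policy already
        // covers this, and Fail() would veto every other handler in the pipeline.
        if (context.User.Identity?.IsAuthenticated != true)
            return Task.CompletedTask;

        var claim = context.User.FindFirst(DateOfBirthClaim);
        if (claim is null)
            return Task.CompletedTask;

        // Parse with the exact invariant format the issuer used (see DateOfBirthToClaim),
        // so a server running under another culture cannot misread the date.
        if (!DateOnly.TryParseExact(claim.Value, DateFormat,
                CultureInfo.InvariantCulture, DateTimeStyles.None, out var dob))
            return Task.CompletedTask;

        var age = CalculateAge(dob, DateOnly.FromDateTime(DateTime.UtcNow));
        if (age >= requirement.MinimumAge)
            context.Succeed(requirement);

        return Task.CompletedTask;
    }

    // Whole years completed, taking the birthday into account:
    // today.Year - dob.Year alone over-counts by one before this year's birthday.
    public static int CalculateAge(DateOnly dob, DateOnly today)
    {
        var age = today.Year - dob.Year;
        if (dob > today.AddYears(-age)) age--;
        return Math.Max(age, 0);
    }

    // Used where the token is issued: writes the claim in the format parsed above.
    public static Claim DateOfBirthToClaim(DateOnly dob) =>
        new(DateOfBirthClaim, dob.ToString(DateFormat, CultureInfo.InvariantCulture));
}

public static class AuthorizationSetup
{
    // Called from Program.cs before builder.Build():
    //   builder.Services.AddAgeGatedPolicies();
    // and applied to an endpoint with:
    //   app.MapGet("/single", () => "ok").RequireAuthorization("AdminUserPolicy");
    public static IServiceCollection AddAgeGatedPolicies(this IServiceCollection services)
    {
        // The handler is stateless, so a singleton is fine. If it ever needed a
        // scoped service such as a DbContext, register it as scoped instead.
        services.AddSingleton<IAuthorizationHandler, MinimumAgeHandler>();

        services.AddAuthorization(options =>
        {
            options.AddPolicy("AdminUserPolicy", policy =>
            {
                policy.RequireAuthenticatedUser();
                policy.RequireRole("Admin", "User");
                policy.AddRequirements(new MinimumAgeRequirement(18));
            });
        });
        return services;
    }
}
```

All three requirements in the policy (authenticated, role, minimum age) must succeed for the request to pass; a user with a valid token, the right role and an age of four gets 403 Forbidden, exactly as shown in the video. The handler does not need to re-verify the date-of-birth claim because the JWT bearer middleware has already validated the token's signature before authorization runs; the claim is only as trustworthy as the issuer's signing key, so that key, not the handler, is the thing to protect.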
Info
Channel: Netcode-Hub
Views: 581
Keywords: web assembly, .net 8, .NET 8, API, Develop, Blazor, WebAssembly, implementation, controller, .net blazor, create package, download, clipboard, copy in blazor, validation, clean arhitecture, domain, application, infrastructure, jwt authentication, consume authentication, cookie, authentication, CRUD Operations, Web Development, Scaffolding, Rapid Development, Visual Studio, Database Operations, minimal api, policy-based, blazor policy auth, claims, roles, requirement, web api
Id: kIVKwxp3Aro
Length: 25min 30sec (1530 seconds)
Published: Mon Apr 01 2024