.NET 8 Authentication with Identity in a Web API with Bearer Tokens & Cookies 🔒

Captions
Hey friends, Patrick here. Welcome to a tutorial about authentication with the .NET 8 Web API. And oh my gosh, it is so much easier to implement authentication now, with registering for an account, logging in, refresh tokens, lots of stuff, even two-factor authentication. You only need some Entity Framework boilerplate stuff and then one, almost one, little line of code in your Program.cs. We're using the older controllers, because I do not want to use minimal APIs, because they look like Node.js, and I don't like Node.js and Express. I want my old controllers, please. So we're going to do this in this tutorial, and if you like it and learn something, then please, guys, as always, hit the like button, smash it if you like, subscribe to my channel. It does make a difference. Thank you so much, and thank you so, so much to all my patrons. I love you guys, every single one of you. And if you want to support me too, scroll a bit further down in the video description and there you have the option to. Thank you very much for considering. And now let's start with the tutorial.

A little information up front: this feature is actually already available since .NET Preview 4. You see here, May 16th. Well, May the 4th would have been so much better, but anyways. Authentication and authorization, this is what I am talking about in this tutorial, and you see it here, they are excited to introduce MapIdentityApi<TUser>, the type of the user you want to use. This is pretty much the only line you need. Well, of course you need some more code, and this is what we're doing today in this tutorial. And the amazing, well, everything about this is actually really, really, really amazing, but one thing in particular, I think, is that you can choose if you want to use bearer token authentication, not JSON Web Token authentication, bearer, it's another bearer, so it's a string in a sense, or cookie authentication, right? But you will see how this works in a couple of minutes in this tutorial.

So here now I've got Visual Studio, this one on here, that's the right tab, the Preview edition, 17.8.0 Preview 2, because I'm using Release Candidate 1 of .NET 8. But maybe you're watching this after the full release of .NET 8, so you don't have to care about that. We want to create a new project, and I want to create a Web API, so this shall be an ASP.NET Core Web API. In that case let's call this "dotnet 8 authentication", maybe. Again using the .NET preview, configure for HTTPS, and as I mentioned in the intro, I want to use controllers. I want them, I like them, it's more structured and organized in my opinion, and again, the new minimal APIs remind me of Node.js and Express, and I don't really want that. So controllers for me.

Let's pin the Solution Explorer, if it wants to. Default stuff, right? We've got our Program.js, it's not JS, Program.cs, WeatherForecast here, typical example, right? And now what we want to do is we will create a data context with Entity Framework, or using Entity Framework and SQL Server Express. If you don't have Express installed and you want to code along with me, then I recommend installing SQL Express. Just Google for it to download it, and maybe even get the Management Studio for that, then it's easier to have a look at the database, but you don't really need it.

So the first step again would be a data context, right, using Entity Framework. So let's create a new folder first, call this Data here, and in here now I will create a new item, and typically I just call this DataContext. And if you're already familiar with Entity Framework, then you maybe know that when you're creating your own application database context, whatever you name it, you have to inherit from DbContext, right? And with Control+Period we get the Quick Fix menu, and it says maybe you want to install this package here, Microsoft.EntityFrameworkCore, and yes, that's absolutely true, I want that package, because I want to use Entity Framework with code-first migrations. But the thing is, since I now want to use Identity for my authentication stuff, I'm actually not using the DbContext. I'm choosing something else, and that, my friends, would be the, geez, tooltip, go away, IdentityDbContext. And when I now have a look here, I also get the suggestion for Microsoft.AspNetCore.Identity.EntityFrameworkCore, and yes, I absolutely want that as well. So that's what we need, and additionally we also need a teeny tiny constructor here with one argument that is of type DbContextOptions, no, no Builder, that one, and then our type, DataContext. Say the name is options, and we choose the base constructor, use this thing as well, and we are pretty much done with our data context here.

All right, so with that we have a data context, and we make sure that we want to use the Identity one. This means we get a couple of tables already when we create our database. One more hint: the typical user entity that is used by Identity is the so-called IdentityUser. All right, that's the one here, and you can of course overwrite this thing and/or add some more properties to that thing. We do that, by the way, in the .NET Web Academy. But just so you know, if you want to use your own user, inherit from the IdentityUser, then you have to specify this thing here regarding the type. See it here, TUser, well, the type user. But if you want to use just the standard stuff, and for the tutorial I think this is totally enough and sufficient, same thing, right, enough and sufficient, anyways, then we do it like that.

Okay, enough with the data context. Now what we want to do is, let's go back to our Program.cs, and here now, still Entity Framework boilerplate stuff, we register our data context. So for instance here now we say builder.Services and then AddDbContext, and that should be our DataContext. Lots of tooltips today. That's the one, okay, and please use, yep, that's the correct one. Add some options here, because we need a connection string for our SQL Server database. Of course we could have used SQLite as well, would be maybe a bit simpler, but I pretty much always use SQL Server, so here let's use it as well. Maybe this is more production-ready then. Tell me in the comments if you're using SQL Server as well.

And for that we've got this UseSqlServer method, and we need another NuGet package for that, that is unfortunately not recommended here, suggested here, so let me fix that real quick. We go to Browse, and here we say Microsoft.EntityFrameworkCore and then SQL, where was it, there, SqlServer, the Microsoft SQL Server database provider for Entity Framework Core. That's what we need. You can actually use the pre-release version, right, because we're using .NET 8 as well. So let's have a look again, SqlServer, there it is. All right, so let's install this thing, I accept, and additionally we also need the, uh, there it is. All right, no, now it's gone. The Design package, for the code-first migrations. And since I now added the pre-release packages, let's update the other ones. No, update, yep, just remove the filter here and update the other ones as well. I accept, and we should be good to go. So we've got, however, the SQL Server is missing still. Okay, here it is, let's try that again. I accept, and now it is here. All right, and now we should get, yeah, using Microsoft.EntityFrameworkCore. Great.

And now the connection strings. So here now what we're going to do is simply say builder and then Configuration, because I want to add the connection string to the appsettings.json, typical stuff, right? And here we will call this also DefaultConnection. All right, and now let's go to the app settings, and here we add ConnectionStrings and the DefaultConnection. Again, in my case, because I am using SQL Server Express locally, the server is period, backslash, backslash, SQLExpress. The database, let's say, is "dotnet 8 authentication", maybe, and then we set Trusted_Connection to true and TrustServerCertificate also true. Okay, so hopefully everything is correct. Let's save that, go back to the Program.cs, let's add a parenthesis here, and now let's make this a bit bigger so we see everything. Okay, so we've got our data context, we have registered our data context, and now we can add authentication and authorization.

Before that, real quick: I'm currently creating a .NET Web Dev Jumpstart course, which will be available for free. We're going to have a look at Web APIs and Entity Framework there, for instance, and if you want to be the first to know when this thing is available, then I recommend just check out the link in the video description and I will send you an email when you can get it. So scroll a bit further down and then you know what to do. And now let's continue with the tutorial.

We start with builder and then Services and then AddAuthorization. Okay, so far nothing really changed. And the other thing that we also need is the Identity API endpoints, so for that we say builder.Services.AddIdentityApiEndpoints, with now the IdentityUser. Again, in your case maybe you want to use another entity here, then just put it there and it should also work. And then AddEntityFrameworkStores. See here, "adds an Entity Framework implementation of identity information stores", so we get a bunch of tables when we now run our migration, and of course we have to specify the DbContext here. That's it. And now comes the amazing part, really. Here we just add another middleware, here we just say app and then MapIdentityApi, again for the IdentityUser, and that's it. This is the new magic, in essence.

But before we can test that, we have to run our migration. So we go to the Package Manager Console and make sure to use the proper directory here. So now we are there and we can say dotnet ef, if you have the tools installed. I have to mention that. So if you don't have the Entity Framework tools installed, what you can do is tool install --global and then dotnet-ef. All right, I already have it installed, so what I can do is update them, or uninstall and then install them again. All right, and with dotnet ef we see that this version now is installed, and you also see the commands here. So now what we can do is dotnet ef migrations and simply say add Initial for the initial migration. Build is starting, and it seems we forgot the Design package. All right, that's the case when you try to do these tutorials real quick when the baby is asleep. So again, NuGet packages, and now here again we try to find the Microsoft ASP.NET Core, there it is, Design, please. That's the one. Install, I accept, and now let's try that one more time.

All right, so I had to play around here, and it seemed there was really a mismatch with the versions, or it just isn't a great idea to use the Release Candidate 1 .NET 8 version of Entity Framework Core Design. I don't know. That was an issue; maybe for you it isn't anymore, because you already have the full release of .NET. Anyways, now as you can see here, build started, succeeded. Now we've got our Migrations folder here, and when we have a look, you see it will create a table AspNetRoles, AspNetUsers, typical Identity stuff, right? So we can say dotnet ef database update, and with that then we will get our tables. They will be created, as you can see here. Almost. All right, there's an issue I got several times now, so here we just set this to false, try that one more time, and now you see all the commands. Seen it, right? Okay, you can stop the video if you want to read them, but now we've got our tables.

And now we can finally run our application, and drumroll, here it is. And as you can see, whoa, lots of endpoints here, right? Of course, here we've got our WeatherForecast, okay, that's the example stuff. All right, but here now: register, login, refresh, confirm email and so on, even two-factor authentication and so on. But let's just try registering and logging in. The great thing is, when we try it out like that, it already says our email address is not correct, and even when we say something like string@string.com, it says nope, the password has to be changed as well. Of course you can configure that. If you want me to tell you how, please tell me that in the comments, then I will make another video about that. But let's just say we use the proper password, string, exclamation mark, one, for instance. Copy this, because we will need that. We hit Execute, and see it here, success, we have our account.

All right, and now we can log in. Try this out. You can already see there's something else, right, use cookies, use session cookies, but let's just leave it at that. We say email and password, we say Execute, and we add a comma up here, and then we get our bearer token. Isn't that amazing? It expires in 3600 seconds, we've got a refresh token here, token type is Bearer. And now when we want to test that, let's do that real quick. For instance, when we now say, our WeatherForecast controller, here we add Authorize, all right, and now when we, well, refresh our application of course, and now try to run this, we hit Execute, doesn't work, right?

So we have to add one more thing to our Swagger configuration. So let's go back to the Program.cs real quick. There we are, and here now we can say options, and then options.AddSecurityDefinition, oauth2, which is a new OpenApiSecurityScheme. Let's just add the using directive, and here now we can specify some things, meaning we can set the authorization header. So here now we say ParameterLocation is the Header, then the name of the header is, again, Authorization, then we set the type, which is SecuritySchemeType, ApiKey. And down here we say options.OperationFilter, SecurityRequirementsOperationFilter, and for that we also have to install a package, not the pre-release, please. And with that now we get the option to set a bearer token.

All right, so as you can see, now we've got a button to authorize here, and down here we also see this little lock icon, so this means that we have to be authorized. So let's try that one more time. We just log in, try this out, add our email and password with the comma here, we hit Execute. All right, there's now our token. Again, this is no JSON Web Token, it's already stated in the intro of this tutorial, that you watched completely, right? And now here you just copy and paste it. We write Bearer, paste our token, we are authorized. Now the lock icon has changed a little bit. Execute, and we get our weather forecast data. Isn't that great? And here you see that the token has been added to the Authorization header.

One more thing: what about cookie authentication? So now let's just say we, uh, we just refresh. All right, so now the header is gone. We, nope, here we say, we try this out, hit Execute. All right, and now we open the console, the developer console, and you see it here already, here, the cookies, right? And we now say you want to, well, log in here and use cookies. So try this out, cookies true, string@string.com, and the password was string, exclamation mark, one. We hit Execute. We do not get a token, but we have a cookie here, right? Isn't that crazy? And now let me try that again. We get our data. So you can decide, do you want to use bearer tokens or cookie authentication.

And that's everything. Isn't that amazing? So I hope you guys learned something and you like this tutorial, this new feature. If so, hit the like button, please subscribe to my channel, I really appreciate it, and again, thank you so much to all my patrons for supporting me. If you want to support me too, please check out the video description for the link. And now I can just say thank you so much for watching, and I hope I see you next time. Take care.
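The setup described in the captions, collected into one file as an added example; it is not the presenter's code from the video. It assumes the NuGet packages named in the captions plus Swashbuckle.AspNetCore.Filters for the operation filter, reads the connection string with `GetConnectionString` (an assumption), and keeps `DataContext` in the same file for brevity.

```csharp
// Program.cs for a .NET 8 controller-based Web API (added example, not the video's code).
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.Filters;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(options =>
{
    // Adds the Authorize button; the value typed there is sent as the Authorization header.
    options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
    {
        In = ParameterLocation.Header,
        Name = "Authorization",
        Type = SecuritySchemeType.ApiKey
    });
    // Attaches the "oauth2" requirement to actions carrying [Authorize] (lock icon).
    options.OperationFilter<SecurityRequirementsOperationFilter>();
});

// Assumed: "DefaultConnection" lives under ConnectionStrings in appsettings.json.
builder.Services.AddDbContext<DataContext>(options =>
    options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));

builder.Services.AddAuthorization();
// Registers the bearer-token and cookie schemes and the Identity services.
builder.Services.AddIdentityApiEndpoints<IdentityUser>()
    .AddEntityFrameworkStores<DataContext>();

var app = builder.Build();
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseAuthorization();
app.MapIdentityApi<IdentityUser>(); // /register, /login, /refresh, ...
app.MapControllers();               // controllers marked [Authorize] now require a login
app.Run();

// Data/DataContext.cs in the tutorial; IdentityDbContext supplies the AspNet* tables.
public class DataContext : IdentityDbContext<IdentityUser>
{
    public DataContext(DbContextOptions<DataContext> options) : base(options) { }
}
```

The token returned by `/login` is an opaque bearer token rather than a JWT, so clients send it as `Authorization: Bearer <token>`; calling `/login?useCookies=true` sets an authentication cookie instead of returning a token.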
Info
Channel: Patrick God
Views: 98,476
Id: 8J3nuUegtL4
Length: 20min 25sec (1225 seconds)
Published: Tue Oct 03 2023