The .NET 8 Auth Changes You Must Know About!

Video Statistics and Information

Captions
Hello everybody, I'm Nick, and in this video I'm going to show you how, finally, in .NET 8, authentication and identity in general has been made awesome. It was simplified in a very big way and it is effectively fixed, because identity and auth in general in .NET has been a big pain point for years. It's actually one of the most ranted about things in modern .NET, and Microsoft put people like David Fowler behind the project just to see if we can do better. And spoiler alert: we can. In this video I'm going to show you what changed, how easy it is to set up, and how you can use it. If you like this type of content and you want to see more, make sure you subscribe. For more training, check out our courses on dometrain.com.

Now, a quick announcement before I move on. We have a brand new course on Dometrain called Getting Started with Domain-Driven Design. That has been one of the most requested topics for courses on Dometrain and it is finally here, and it is offered by the excellent educator and content creator Amichai Mantinband. In case you don't know, Amichai has his own YouTube channel (link in the description, give him a sub), but he's also a software engineer at Microsoft whose code powers technologies behind things like Microsoft Office, so literally hundreds of millions of users a month use the stuff he writes. He's an expert on the topic and he actually runs training like that in Microsoft as well, so you're getting the highest quality possible, which is what I wanted to offer with Dometrain in the first place. Now, to celebrate the launch, I'd like to offer the first 500 of you a 20% discount code on the course, so use code ddd20 at checkout to claim it, and trust me when I say these do go quick, so if you want to buy it, buy it now. Also, if you buy this getting started course, you will also get a special discount code when the deep dive and advanced versions of these DDD courses are out, so you can double dip in discounts. All right, enough with that, back to the video.

All right, so let me show you what I have here. I have a simple .NET 8 ASP.NET Core API and it has nothing. We just have the builder and that is it. The reason why I'm choosing to go forward with this approach is to show you how simple it is to convert this into something that has identity and auth in it. Now, first, identity needs a user, so what I'm going to do is create my user over here, and that is going to extend the IdentityUser class, and that is it, I have a user.

So let's go ahead and do some wiring up over here. We're going to go into the services and say builder.Services.AddAuthentication, and by default you can use a cookie scheme, but what I'm going to use is AddBearerToken, and then I'm going to use IdentityConstants to specify the bearer scheme. Now, this is not a JSON Web Token. It is still a bearer token in the same way that a JWT is a bearer token, and it is still a self-contained stateless token, but it is not the same format, so do not be confused. Now, with that in place, I can go and say Services.AddAuthorizationBuilder over here, so this will add all the necessary services, and in terms of auth directly, that is it.

Now, to simplify the setup, I'm actually going to use Entity Framework Core to store my user data. You don't have to; you can use whatever you want or you can roll your own version, but Entity Framework, especially in .NET 8, is really, really fast, and unless you really need that minor thing you can get out of manually writing all your SQL, I actually recommend just using EF 8. Now, because of all that, we're going to use some NuGet packages to help with this process. The first thing I'm going to use is the Microsoft.AspNetCore.Identity.EntityFrameworkCore package, so let's go ahead and add that. Then I'm going to need a provider. I could use in-memory, but that sort of feels like cheating. I want to show you how you can actually do this with a real database, so for that I'm going to use the SQLite one, and we're going to build migrations and everything. And then, because we need migrations, I'm also going to add the design package of Entity Framework Core, so let's go ahead and add that.

Now what we will need first is of course a DbContext, so class AppDbContext, and have that extend the IdentityDbContext with my user as the user. Of course we're going to add the constructor, so let's go ahead and do that, sort of the bog-standard constructor over here. Now I can go ahead and register the DbContext, so .AddDbContext, AppDbContext, and wire it up here in the settings, so UseSqlite, and I'm just going to say that data source equals app.db, and that is it. Now we need to add identity, so builder.Services.AddIdentityCore, my user is the user I want to use, I'm going to say AddEntityFrameworkStores, and in this case I'm going to specify the DbContext, and then I'm also going to say AddApiEndpoints, and that is it. That's all the service setup I need.

Now, on its own, not much has changed here, but it's the next part that really sort of changes the game. Previously, if you wanted to have login endpoints, registration endpoints, token refreshing endpoints, you had to sort of manually map everything, but now you no longer have to. All you need to do is say app.MapIdentityApi and specify the user object, and that is it. This will add all those endpoints for you. So, for example, if you add an endpoint that needs auth, for example MapGet, and I'm going to have it on the root, and I'm going to have the ClaimsPrincipal object over here representing the user, and that is a special type that minimal APIs will just specially inject and detect based on auth in your request, then I can say something like "Hello" and then use the name, so user.Identity.Name. This should not be nullable and this should not be nullable, because I will require authorization here. And that's it, that's all the setup you need.

Now we can go ahead and create and run our migrations. To do that, I'm going to say dotnet ef migrations add InitialCreate, and this will build the initial migrations based on my user and everything. As you can see, they have been created here, excellent. Then I'm going to go ahead and say dotnet ef database update to create my SQLite file and everything, so the API can just run and work, and as you can see I have that here with all the tables, and in this case no users yet. So that's it, I'm ready. Now I can go ahead and just run this API and register, log in and refresh my token.

Let's see how all that works. First I'm going to go to Postman, and if I try to call the root endpoint over here, then as you can see I'm getting a 401 Unauthorized. There is no token, there is nothing, and I do require authorization, so I cannot be authed in. But I can register. I can say Nick Chapsas as a username, I can say password, um, one, exclamation mark as the password (do not use that password), and then things like nick@dometrain.com as the email, and that will create, as you can see over here, a user. I can go to AspNetUsers here and you can see my user with all the details created.

In return, I can grab that email and go to login and log in, and I'm using a bearer token, like I said, not a JWT, but the same sort of concept in a way, and then I can provide the password. If the password is wrong, so let's say a password and then three in the end, or, um, the pound sign, then as you can see I'm getting unauthorized and failed. But if I use the right password, then I will get not only an access token, but we also have a refresh token. Now, the purpose of the refresh token is to be stored locally on the client and be used if that access token has expired. You know how Facebook or Instagram or whatever app you're using, except for Microsoft, doesn't ask you to re-log in every time, even after days? That's because they have a long-lived refresh token stored locally that they can use for you to automatically re-log in. So we have that behavior by default now.

So if I grab the access token over here, and I go to the GET endpoint and paste it as a bearer token over here, then as you can see I'm getting "Hello nick@dometrain.com". What I want to show you is that, if I clear all the console, there is no request to check if the token is valid or whatever on the database. When I call this, you see nothing happened in the logs. That's because it is a stateless self-contained token that doesn't have to hit the database to detect who is who; that information is embedded in it. And of course if this was wrong, so if the first letter was "a", you will get an unauthorized, so it has to be the right one and it should not be expired if you want it to actually work.

Now let's see the refreshing part. I'm going to go here and grab the refresh token, and what this will allow me to do is go to the refresh endpoint. So we had register, which is a POST, login, which is a POST, and then refresh, which is a POST, all automatically by the way. I can paste that token, and what's going to happen is the token will be taken and, if it is valid, it will be refreshed, so we're going to get a new token to use over here and a new refresh token as well. We can go here and use that, and that also works.

All that is done simply by having this MapIdentityApi taking that user into account and all the details of that user. As you can see over here, a lot of stuff is actually happening behind the scenes, with a login endpoint being mapped, the register endpoint being mapped, a group being created over here. Also the refresh endpoint is here, and there's also other stuff: confirm email is also added, the resend confirmation email, forgot password, reset password. All of those endpoints, or even manage, are actually added automatically, as well as two-factor authentication and things like info over here. So if I was to go here and say manage and then info, I should get all the details about my token, all that without you having to do anything. Of course, a lot of this is actually customizable, so you can actually make it whatever you want it to be, but you get tons of things out of the box, which previously was very, very confusing to set up. Plus, this can be used easily on everything. It doesn't have to be just minimal API or just MVC or just whatever; you can apply it to whatever you want. So finally, it is simple.

But now I want to know from you: what do you think about this, and do you think this is a step in the right direction? Would you wish that they did something in a different way? Leave a comment down below and let me know. Well, that's all I have for you. Thank you very much for watching, and as always, keep coding.
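The setup narrated in the captions, assembled into one Program.cs as an added example (not the code shown in the video). The type names `MyUser` and `AppDbContext` follow the narration; the two token lifetimes are assumed values added here to show where they are configured.

```csharp
// Program.cs (.NET 8 web project; ImplicitUsings supplies the WebApplication types).
// Packages: Microsoft.AspNetCore.Identity.EntityFrameworkCore,
// Microsoft.EntityFrameworkCore.Sqlite, Microsoft.EntityFrameworkCore.Design
using System.Security.Claims;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);

// Self-contained bearer token (not a JWT), as described in the video.
builder.Services
    .AddAuthentication()
    .AddBearerToken(IdentityConstants.BearerScheme, options =>
    {
        // Assumed values, not from the video: the access token is validated
        // without a database lookup, so its lifetime bounds how long a leaked
        // token stays usable.
        options.BearerTokenExpiration = TimeSpan.FromMinutes(15);
        options.RefreshTokenExpiration = TimeSpan.FromDays(7);
    });
builder.Services.AddAuthorizationBuilder();

// SQLite file store; tables come from `dotnet ef migrations add InitialCreate`
// followed by `dotnet ef database update`.
builder.Services.AddDbContext<AppDbContext>(o => o.UseSqlite("DataSource=app.db"));

builder.Services
    .AddIdentityCore<MyUser>()
    .AddEntityFrameworkStores<AppDbContext>()
    .AddApiEndpoints();

var app = builder.Build();

// Maps /register, /login, /refresh, /confirmEmail, /forgotPassword, /manage/info, ...
app.MapIdentityApi<MyUser>();

// RequireAuthorization() guarantees an authenticated principal, hence the `!`.
app.MapGet("/", (ClaimsPrincipal user) => $"Hello {user.Identity!.Name}")
    .RequireAuthorization();

app.Run();

public class MyUser : IdentityUser { }

public class AppDbContext : IdentityDbContext<MyUser>
{
    public AppDbContext(DbContextOptions<AppDbContext> options) : base(options) { }
}
```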
Info
Channel: Nick Chapsas
Views: 95,178
Keywords: Elfocrash, elfo, coding, .netcore, dot net, core, C#, how to code, tutorial, development, software engineering, microsoft, microsoft mvp, .net core, nick chapsas, chapsas, dotnet, .net, identity, identity server, identity .net, .net 8, identity auth, auth, authentication .net, authentication identity, ef core, ef 8, ef identity
Id: sZnu-TyaGNk
Length: 10min 27sec (627 seconds)
Published: Thu Aug 24 2023