
Learn to implement a mediator-based base controller, apply a custom permission attribute for create actions on employees, and generate JWT tokens via a token service.
Build a multi-layer dotnet 7 web api solution named abc, outlining domain, application, infrastructure, and common layers, plus a web api with authentication and authorization.
Create an employee entity with id, first name, last name, email, and salary; adjust project settings to disable nullable warnings and prepare the domain layer for security demonstrations.
Install entity framework core and sql server packages, enable migrations, and configure asp.net core identity authentication by extending user and role models.
Create an ASP.Net identity db context, inherit from identity db context, and map identity user, identity role, identity user claim, identity user login, identity role claim tables.
Configure the identity db context and explore the identity-related tables (users, roles, user roles, logins, role claims, tokens) to support permission-based auth with migrations and customization.
Configure an employee dbset and map the employee table, then implement a service collection extension to register the application db context with sql server using the configuration connection string.
Register the application database context with the dependency injection container in a web api, configure and update the default connection string, verify the server, and prepare to run migrations.
Verify the database server, update the connection string and enable a trusted certificate, then run the initial migration from the Web API project using EF Core.
Examine the migration script generated by Entity Framework, apply it with update-database to create identity and employee tables, and plan to customize user and role properties after deleting the database.
Extend the application user from identity user to include first name and last name, while creating security and hr schemas and configuring the entity framework before migration.
Extend the application user with first and last names and a full name; add a refresh token with expiry and an active flag; group roles and role claims with descriptions.
Configure identity tables using entity type configurations in EF Core, implementing application user config with IEntityTypeConfiguration to set table name and schema under security, accounting for inheritance.
Run a fresh migration after renaming the database to build updated tables, then configure decimal handling by scanning model properties and setting decimal(18,2) for nullable and non-nullable fields.
Run and fix a migration to establish identity schemas, define application user and role types, and re-run the migration to apply schemas and tables to the database.
Analyze the migration script to customize security schemas, add and index user fields, and apply entity type configurations via on model creating and update the database using EF Core.
Implement ASP.NET Identity in a Web API to authenticate users, authorize resources, generate and validate a Json token, and define permissions as feature and action based claims assigned to roles.
Define public constants for users, roles, and claims, including role claims and permissions, then model application actions with create, read, update, and delete operations and a token exploration constant (exp).
Explore building a read-only collection of strings, define default roles such as admin and basic, and implement a role-check method to support permission based auth in a .net web api.
Configure default admin credentials with a password and email, then seed the user. Create the application permission as a record with feature, action, group, description, and a basic flag.
Learn to build permission strings from a feature and action using a name and build method, then assemble admin and basic permission lists in an app permissions class.
Define roles, role claims, and permissions with read and update access while restricting creation and deletion, and expose a read-only permissions list distinguishing basic from non-basic permissions.
Define admin versus basic permissions by filtering those that are not basic. Create arrays for admin and basic permissions and prepare authentication for the web API.
Seed a .NET web api by injecting user and role managers, applying pending migrations, and seeding an admin user with roles, outlining a reusable database seed method.
migrate the database asynchronously, applying pending migrations based on the migration history, then seed admin and basic roles using the role manager only if they do not exist.
Create a private async method to assign permissions to a role using a read-only list of app permissions, checking current role claims and updating only missing ones.
Learn to construct permission names from feature and action, extend permission properties with description and group, and seed admin and basic roles with assigned permissions in ASP.NET Identity.
Constructs permission names from a feature and action, producing names like permissions dot employees dot create, and assigns them to admin and basic roles via a conditional method.
Seed admin and basic roles, assign permissions to each, and prepare to seed users in a dynamic, advanced .NET web API security workflow using a default permission array.
Create a seed admin user by extracting a username from the app credentials email, uppercasing normalized fields, hashing the password, and assigning basic and admin roles.
Register the database seeder to the dependency injection container and wire it into the web api startup via an extension on the application builder to seed data at startup.
Register the db seeder in the dependency injection container, invoke it from the program after the app builder, and seed roles, users, and permissions for secure access.
Configure and test the identity seeder, run the app, and inspect admin and basic roles and permissions to prepare for permission-based auth with JWT.
Define a permission requirement and an authorization handler to verify a user's access, then implement a dynamic permission policy provider to add permissions at runtime in the web api.
Implement a permission authentication handler that validates user claims against a permission requirement, overriding handle requirement async to succeed when a matching type, value, and issuer are found.
Learn to implement a dynamic permission policy provider and authorization policy provider, wiring in fallback policies, dependency injection, and permission requirements to evaluate access via app claims.
Create a permission policy provider using the authorization policy builder, add a permission requirement to a policy, and wire default and fallback policies with async methods.
Implement a permission requirement and permission authorization handler that checks user claims for permission type, value, and issuer, marking the authorization context successful, while a policy provider dynamically adds permissions.
Register the permission policy provider as a singleton and the authorization handler as scoped within the identity service, wiring the policy provider and handler for per-resource security.
Add the default token providers extension to the token provider registration to enable token generation and password reset actions. Then build login request models and begin user authentication logic.
Design jwt-based token authentication by building token request and token response objects, implementing a token service interface for login and refresh token flows, and wiring them in the application layer.
Implement a token service with refresh token support, introducing a refresh token request, and store refresh tokens in the database while aligning token responses across application and infrastructure layers.
Implement a global response wrapper around token responses, validate login with email and password, generate a refresh token and access token, and update the user record for JWT authentication.
Generate a new token by injecting user and role managers, configuring a secret and expiry minutes via app configurations, and using the IOption interface in the constructor.
Advance the authentication flow by validating the user password with the user manager, handling invalid credentials, and generating a base64 refresh token using a helper that creates 32 random bytes.
Set the refresh token to seven days, generate tokens via it, update the user and refresh token expiry in the database, and build a JWT with signing credentials and claims.
Learn how to generate a JWT security token by configuring claims and expiry from appsettings, create signing credentials, and produce an encrypted token using a token handler.
Encode the application configuration secret to create a symmetric security key with hmac-sha256, then fetch user and role permissions to build claims and signing credentials for the token.
Create a permission-based auth token by building role claims, pulling role permissions, and including user id, email, first name, last name, and phone in the token.
Combine user, role, and permission claims with a union to form a JWT, generate and verify it with jwt.io, and return a token response including refresh token expiry.
Implement the get refresh token async method in assignment two using existing token utilities to refresh authentication. Compare with the previously built get token flow.
Deliver assignment two solution by validating the incoming refresh token, extracting claims, verifying with a signing key, locating the user by email, and issuing a new token and refresh token.
Implement the get token query in the application layer using mediator and a token request with a response wrapper. Structure identity features as queries and set up a mediator handler.
Implement a mediator-based login flow in a web api by wiring a token service through a request handler that returns a global response wrapper, with identity routing.
Injects mediator into a web api project and troubleshoots unresolved mediator references across projects, ensuring proper references from infrastructure to application, with build and restart steps.
Develop a token controller using a generic base controller and mediator to receive a token request from the body via post, then return the token.
Register JWT authentication in the DI container and enhance swagger to pass tokens. Install Microsoft identity authentication JWT bearer and Newtonsoft.Json, and create an extension method to configure token validation.
Configure jwt bearer authentication in the di container with default scheme, validate tokens using a symmetric key, zero clock skew, and event handlers for failures, challenges, and forbidden responses.
Register JWT authentication in the DI container and dynamically add authorization policies from application permissions defined as public static fields, requiring the permission claim in the token.
Create a custom extension to enable jwt bearer token via swagger ui by defining security definitions and security requirements on swagger options.
Configure swagger to use a bearer token security scheme with an api key in the header, and define version, title, license, and contact metadata.
Register a swagger gen extension in the service container and configure app settings for a secret and token expiry. Enable bearer JWT security with header authorization in the API docs.
Register MediatR and the token service in dependency injection by creating an application services method, loading the current assembly with reflection, and wiring identity services as a transient token service.
Apply dependency injection and token-based authentication in advanced .NET web api security, run the app, generate access and refresh tokens, and secure an endpoint with permissions using a bearer token.
Demonstrate protecting an endpoint with a permission attribute using jwt-based authentication and a read permission on employee, including token refresh and permission validation.
Embark on an enriching journey with this Advanced .NET Security course, where we dive deep into crafting robust access control solutions. Starting with the fundamentals, you'll work with AspNet Core Identity and IdentityDbContext, learning how to seamlessly manage users, roles, and permissions.
Navigate the intricacies of EntityFrameworkCore as you master migrations and seed default roles, users, and permissions into the database. With a strong foundation in place, we'll guide you through the world of Clean Architecture, CQRS, and the MediatR Library, empowering you to design efficient and maintainable systems.
Authentication and authorization take center stage as we explore topics such as permission-based authorization and JWT generation/validation. Elevate your skillset further with request validations using FluentValidation, and gain insights into handling refresh tokens for enhanced security.
Incorporate best practices with authentication on SwaggerUI, and learn the art of building permissions, along with the inner workings of Permission Requirement, Permission Authentication Handler, and Permission Policy Provider.
Dynamic user-role and role-permission assignments are demystified, while you also learn to seamlessly activate/deactivate users and safeguard endpoints with permission attributes.
We'll delve into the intricacies of the MediatR Pipeline Behaviour, emphasizing the significance of Dependency Injection in your projects. To empower you with a holistic approach, we offer comprehensive guidance on user, role, and permission management.
As a Extra, explore the exciting realm of a Blazor WebAssembly Frontend App that interacts seamlessly with our API. Join us to transform your .NET skills and become a proficient architect of secure, and scalable web applications.