Coding Shorts: Using Azure Entra ID to Protect Your APIs

Views: 2,041

Shawn Wildermuth

A day ago

I was asked a long time ago about using Azure AD (now Entra ID) in .NET and Vue. I've finally come through! Let's see how it works!
00:00 Introduction
00:46 The Project
01:50 App Registration
03:02 Expose an API
04:24 Adding Entra to .NET Core
06:18 Configuring Authorization
07:25 Testing the Authorization
08:56 Adding to the Client
11:24 Using the Authorization
11:38 Login Users
13:49 Testing Login
15:22 Using the Token in the API
17:25 Wrapping Up
Source code:
github.com/shawnwildermuth/co...
If you like this video, you might like other videos in my Instructional Videos:
- Instructional Videos

Comments: 18
@dsheardown 3 months ago
Brilliant as always and appreciate the time put into these videos! I realise you are essentially "buying into" a certain platform for your auth but then again I don't really want to try to roll my own auth! I still get this from time to time i.e. the vendor lock-in but come on! we are all "locking" ourselves to some framework/platform etc. :). Personally, I do like the feeling the auth is handled by people who know more about this stuff than I! I am still trying to wrap my head around integrating this type of auth and allowing users to sign up/pay for a SaaS/API access.. I did experiment with the older Azure AD B2C / API Gateway stuff... I should really spend some time reading the updated docs!! Anyway, thank you again for a great intro to this and sharing the code :)
@swildermuth 3 months ago
I am in agreement, find a partner you trust (AWS, Azure, Okta, etc.) and you'll be close to the same implementation. Luckily if you change, it's just changing a little code on both sides, not re-engineering a complete login/security system.
@jamesevans6438 2 months ago
Hi Shawn, great vid, this is not a straightforward concept to get your head around, great explanation and very nice clean code, love it! Probably need to handle the access token expiry and a bit of a consideration for refresh tokens, maybe they can't be used with public clients.
@swildermuth 2 months ago
Thanks!
@OmegaCosmos 24 days ago
Hey Shawn, fantastic video! I've searched around for a tutorial on this for ages and just couldn't understand any of them!! Is there a way to implement a navigation guard using this? I want my users to be automatically directed to a login page if they aren't already logged in.
@swildermuth 9 days ago
Yes you can! The client-side Entra API has a simple call to see if the user is logged in. I didn't cover it here, but you'll want to use the client library (it works across frameworks in JS/TS).
@Max-kj2us A month ago
Hi Shawn, As always, your videos are great and helpful! Thanks. Could you do me a favor and expand upon this topic? I would like to figure out how I can secure an API with bearer tokens (Entra ID), but I would like to trigger the OAuth flow by hand (or by code). Could you show me how I can get that done? So the steps would be: Secure the API like in your video. Write a small C# program that does the OAuth 2 flow and gets the Bearer token. Get weather info and add the token from step 2. I'm mainly curious how you configure Azure.
@eusouodouglas5730 3 months ago
Thank you for sharing! How is this token working? Is it possible to revoke a token for a consumer in case the person had the token stolen?
@swildermuth 3 months ago
You can revoke the user and the refresh token, but not the access token. The token should be short-lived to limit the amount of time. The token is proof that the user has access, and if it went back to MS on every request, it would perform really badly. I hope that helps.
@paulh6933 3 months ago
Do u know if the login modal can be customized? maybe branded to my website?
@swildermuth 3 months ago
I'm azure you can add your own branding
@matejl92 3 months ago
😂😂😂 @swildermuth
@akiander 2 months ago
Can you explain why Microsoft's tutorials tell us to create one Entra Application definition for the API and another definition for the client application? This demo appears to use the same application definition for both.
@swildermuth 2 months ago
I wish I could. I think Microsoft is assuming you'll need to create several APIs to protect APIs in chunks, but with roles, that's unnecessary IMO. But maybe an Entra/security person can correct me.
@coderider3022 2 months ago
You should use an app reg to represent each distinct app. The api is a standalone app, the client is standalone. You could have other apps, power apps, server apps etc. In a contrived example where it's 1 logical app, it's ok to use 1. I have an api layer and support multiple clients via their own app reg and my app reg.
@nhatphii 3 months ago
Hi, Thank you for sharing. Can you create a tutorial on designing a project that applies clean architecture, from basic to advanced? I couldn't find good videos with such content on YouTube. I am new to this topic. Thank you for following my question.
@swildermuth 3 months ago
These are short tutorials, I don't create full courses on KZfaq
@dsheardown 3 months ago
But Shawn has some great courses on Pluralsight :) as well as own courses on website I think?