From the course: Building Angular and ASP.NET Web API Apps
Understanding token-based authentication
- [Instructor] In this chapter, you learn how to add user authentication by using token-based authentication. Token-based authentication is a method used to verify users in an app, and instead of using traditional login sessions, users are given a token after logging in, which acts like a key that provides the user's identity. The authentication token that token-based authentication uses is just a piece of data that allows the client to access resources. An authentication token is typically a string of characters, often encoded in a specific format that the system uses to verify a user's identity or access rights. It is generated after successful login and sent with requests to prove authorization without needing to reenter credentials.
The tokens come in different formats. We have the JSON Web Tokens, or JWT. They're commonly used in web apps, containing encoded user info, and JSON Web Tokens are what we are going to use in this chapter. We also have the OAuth tokens, and these are used for granting access to third-party apps, like, for example, login with Google. And we also have session tokens, which are just temporary codes tied to a specific login session.
Now, an authentication token typically contains information like the user ID. It has the token expiration time, the issuer, so who created the token. It also has permissions and a signature. This signature is used to prove if a token is valid.
Now, the way this works is that, let's say a user enters the credentials, the credentials are checked in the server, and then if they're valid, a token is created and returned to the user, compared to the traditional authentication, which is a cookie-based authentication, where if the credentials are right, then a session is created in the server. In this case, we don't have a session in the server, but we just create a token and that token is returned to the user.
Once the token is received, it is stored in the local storage, and then for each request, we also send the token, which is verified by the server, and then the resources are returned. Based on this schema, which is just a simple schema, we can understand that the token-based authentication is stateless and it's more scalable. It is more secure because we pass just a token in our request, not a cookie. It offers accessibility and can be used for multiple platforms and domains. This means that you do not have to create the auth system for each app, but you can just use the existing one for different domains or clients. And last but not least, it is based on standards by storing data in JWT format. Now, in the next part, you learn how to set up token-based authentication in an ASP.NET Web API project.
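The per-request check described in the transcript (signature, issuer and expiration verified before resources are returned), as an added example that is not part of the course: a minimal HS256 JWT issuer and verifier in JavaScript for Node.js rather than the course's ASP.NET code. The secret, issuer URL, claim values and function names are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const sign = (data, secret) => createHmac("sha256", secret).update(data).digest();

// Issue a token: header.payload.signature, each part base64url-encoded.
function issueToken(claims, secret) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const signingInput = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${signingInput}.${b64url(sign(signingInput, secret))}`;
}

// Verify a token; returns { ok: true, claims } or { ok: false, reason }.
function verifyToken(token, secret, expectedIssuer, nowSeconds) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, payload, signature] = parts;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // The server pins the algorithm; the token header must not choose it.
  if (head?.alg !== "HS256") return { ok: false, reason: "bad algorithm" };
  // Recompute the signature and compare in constant time.
  const expected = sign(`${header}.${payload}`, secret);
  const given = Buffer.from(signature, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  // Only after the signature checks out are the claims trustworthy.
  if (claims?.iss !== expectedIssuer) return { ok: false, reason: "wrong issuer" };
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, claims };
}

// Constructed sample values for this added example (not from the course).
const SECRET = "constructed-demo-secret";
const ISSUER = "https://api.example.test";
const NOW = 1700000000; // fixed clock so the result is reproducible
const claims = { sub: "user-42", iss: ISSUER, exp: NOW + 900, roles: ["user"] };
const token = issueToken(claims, SECRET);
// Same header and signature, but the payload's role was edited after signing.
const [h, , s] = token.split(".");
const tampered = `${h}.${b64url(JSON.stringify({ ...claims, roles: ["admin"] }))}.${s}`;
```

The payload of a JWT is only encoded, not encrypted, so anyone holding the token can read its claims; the signature is what stops them from changing those claims.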