{"id":2000,"date":"2024-11-01T14:35:54","date_gmt":"2024-11-01T12:35:54","guid":{"rendered":"https:\/\/epicmarketing.co.il\/notebook\/?p=2000"},"modified":"2024-11-01T14:41:46","modified_gmt":"2024-11-01T12:41:46","slug":"authentication-and-authorization","status":"publish","type":"post","link":"https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/","title":{"rendered":"Authentication and Authorization"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Learning Objectives<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Learn how to implement <strong>token-based authentication<\/strong> using <strong>JWT (JSON Web Tokens)<\/strong> in ASP.NET Core.<\/li>\n\n\n\n<li>Understand how to use <strong>role-based<\/strong> and <strong>policy-based authorization<\/strong> to secure API endpoints.<\/li>\n\n\n\n<li>Learn about <strong>ASP.NET Core Identity<\/strong>, and how to customize it or implement a custom authentication solution if needed.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>1. Authentication with JWT<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What is JWT?<\/strong> <strong>JWT (JSON Web Token)<\/strong> is a compact, URL-safe token format used to securely transmit information between parties. In the context of APIs, JWTs are commonly used for <strong>authentication<\/strong> by creating a token that users receive after successfully logging in. They include user information (claims) and are signed for security.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>How JWT Authentication Works<\/strong>:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The user logs in with a <strong>username and password<\/strong>.<\/li>\n\n\n\n<li>If valid, the server creates a <strong>JWT token<\/strong>, which includes user claims.<\/li>\n\n\n\n<li>The client uses this token to make authenticated requests to the API by including it in the <strong>Authorization header<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Example: Setting Up JWT Authentication in ASP.NET Core<\/strong>:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Add Packages<\/strong>:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Use the <strong>NuGet Package Manager<\/strong> to install <code>Microsoft.AspNetCore.Authentication.JwtBearer<\/code>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Configure JWT in <code>Program.cs<\/code><\/strong>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\nbuilder.Services.AddAuthentication(options =&gt;\n{\n    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;\n    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;\n})\n.AddJwtBearer(options =&gt;\n{\n    options.TokenValidationParameters = new TokenValidationParameters\n    {\n        ValidateIssuer = true,\n        ValidateAudience = true,\n        ValidateLifetime = true,\n        ValidateIssuerSigningKey = true,\n        ValidIssuer = builder.Configuration&#x5B;&quot;Jwt:Issuer&quot;],\n        ValidAudience = builder.Configuration&#x5B;&quot;Jwt:Audience&quot;],\n        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration&#x5B;&quot;Jwt:Key&quot;]))\n    };\n});\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\"><strong>Generating JWT Tokens<\/strong> in a Service:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\npublic string GenerateToken(User user)\n{\n    var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration&#x5B;&quot;Jwt:Key&quot;]));\n    var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);\n\n    var claims = new&#x5B;]\n    {\n        new Claim(ClaimTypes.Name, user.Username),\n        new Claim(ClaimTypes.Role, user.Role)\n    };\n\n    var token = new JwtSecurityToken(_configuration&#x5B;&quot;Jwt:Issuer&quot;],\n        _configuration&#x5B;&quot;Jwt:Audience&quot;],\n        claims,\n        expires: DateTime.Now.AddMinutes(30),\n        signingCredentials: credentials);\n\n    return new JwtSecurityTokenHandler().WriteToken(token);\n}\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\">This method generates a JWT token that contains user information such as the <strong>username<\/strong> and <strong>role<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Real-Life Example<\/strong>: In an <strong>e-commerce<\/strong> system, JWTs can be used to authenticate customers before they access their order details or payment information.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2. Authorization<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Role-Based Authorization<\/strong>: <strong>Role-based authorization<\/strong> allows you to control access to resources based on user roles. For example, users can have roles like <strong>Admin<\/strong>, <strong>User<\/strong>, or <strong>Manager<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Example: Role-Based Authorization in Controller<\/strong>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\n&#x5B;Authorize(Roles = &quot;Admin&quot;)]\n&#x5B;HttpPost(&quot;create-product&quot;)]\npublic IActionResult CreateProduct(&#x5B;FromBody] Product product)\n{\n    \/\/ Only admins can add products\n    return Ok(&quot;Product created successfully.&quot;);\n}\n<\/pre><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Explanation<\/strong>: Only users with the <strong>Admin<\/strong> role can access this endpoint.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Policy-Based Authorization<\/strong>: <strong>Policy-based authorization<\/strong> allows more complex requirements than role-based authorization. Policies can include multiple conditions, such as requiring both a specific role and age.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Example: Defining a Policy<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Configure Policies in <code>Program.cs<\/code><\/strong>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\nbuilder.Services.AddAuthorization(options =&gt;\n{\n    options.AddPolicy(&quot;AdminOnly&quot;, policy =&gt;\n        policy.RequireRole(&quot;Admin&quot;));\n    options.AddPolicy(&quot;AgeRequirement&quot;, policy =&gt;\n        policy.RequireClaim(ClaimTypes.DateOfBirth));\n});\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\"><strong>Using a Policy in a Controller<\/strong>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\n&#x5B;Authorize(Policy = &quot;AdminOnly&quot;)]\n&#x5B;HttpDelete(&quot;delete-product\/{id}&quot;)]\npublic IActionResult DeleteProduct(int id)\n{\n    \/\/ Only admins can delete products\n    return Ok(&quot;Product deleted successfully.&quot;);\n}\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\"><strong>Real-Life Example<\/strong>: In a <strong>user management system<\/strong>, different endpoints can be restricted based on user roles or specific claims. For example, only <strong>Admin<\/strong> users can delete accounts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>3. ASP.NET Core Identity<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What is ASP.NET Core Identity?<\/strong> <strong>ASP.NET Core Identity<\/strong> is a membership system that provides login functionality for applications. It includes features such as <strong>user management<\/strong>, <strong>password hashing<\/strong>, and <strong>roles<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can either use the <strong>default Identity system<\/strong> or create a <strong>custom authentication<\/strong> solution.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Setting Up ASP.NET Core Identity<\/strong>:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Add ASP.NET Core Identity in <code>Program.cs<\/code><\/strong>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\nbuilder.Services.AddIdentity&lt;ApplicationUser, IdentityRole&gt;()\n    .AddEntityFrameworkStores&lt;ApplicationDbContext&gt;()\n    .AddDefaultTokenProviders();\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\"><strong>Customize User Entity<\/strong>: You can customize the user entity by inheriting from <code>IdentityUser<\/code>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\npublic class ApplicationUser : IdentityUser\n{\n    public string FirstName { get; set; }\n    public string LastName { get; set; }\n}\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\"><strong>Custom Authentication Solution<\/strong>: In some cases, you may want to create a custom authentication solution using <strong>JWT tokens<\/strong> or another approach instead of ASP.NET Core Identity.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Real-Life Example<\/strong>: In a <strong>financial application<\/strong>, Identity can help manage users and assign roles such as <strong>Accountant<\/strong>, <strong>Manager<\/strong>, and <strong>Customer<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Examples<\/strong><\/h2>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Simple Example: Login and Generate JWT Token<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">User logs in and receives a JWT token.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Code Snippet<\/strong>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\n&#x5B;HttpPost(&quot;login&quot;)]\npublic IActionResult Login(&#x5B;FromBody] LoginModel login)\n{\n    if (login.Username == &quot;admin&quot; &amp;&amp; login.Password == &quot;password&quot;)\n    {\n        var token = _authService.GenerateToken(new User { Username = &quot;admin&quot;, Role = &quot;Admin&quot; });\n        return Ok(new { Token = token });\n    }\n    return Unauthorized();\n}\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\"><strong>Real-Life Example<\/strong>: Used in an <strong>e-commerce<\/strong> system for customer login.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Simple Example: Role-Based Authorization<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Restrict an endpoint to only allow <strong>Admin<\/strong> users to access it.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Code Snippet<\/strong>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\n&#x5B;Authorize(Roles = &quot;Admin&quot;)]\n&#x5B;HttpPost(&quot;add-user&quot;)]\npublic IActionResult AddUser(&#x5B;FromBody] User user)\n{\n    return Ok(&quot;User added successfully.&quot;);\n}\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\"><strong>Real-Life Example<\/strong>: In a <strong>user management<\/strong> system, adding new users might be restricted to admin roles.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Simple Example: Policy-Based Authorization<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Use a policy to require a specific claim.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Code Snippet<\/strong>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\n&#x5B;Authorize(Policy = &quot;AgeRequirement&quot;)]\n&#x5B;HttpGet(&quot;restricted-content&quot;)]\npublic IActionResult GetRestrictedContent()\n{\n    return Ok(&quot;This is restricted content.&quot;);\n}\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\"><strong>Real-Life Example<\/strong>: In a <strong>financial application<\/strong>, sensitive data can be restricted based on user age or other conditions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Key Takeaways<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>JWT Authentication<\/strong> is used for securing APIs by issuing and validating tokens.<\/li>\n\n\n\n<li><strong>Role-Based and Policy-Based Authorization<\/strong> are used to control access to different parts of your application.<\/li>\n\n\n\n<li><strong>ASP.NET Core Identity<\/strong> provides a complete solution for managing users, roles, and authentication.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Practical Questions<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>What is the difference between <strong>authentication<\/strong> and <strong>authorization<\/strong>?<\/li>\n\n\n\n<li>How can you implement <strong>JWT authentication<\/strong> to secure an API?<\/li>\n\n\n\n<li>When would you use <strong>policy-based authorization<\/strong> instead of <strong>role-based authorization<\/strong>?<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>New Concepts in .NET 8<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>New in .NET 8<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Native AOT Improvements<\/strong>: Native AOT (Ahead of Time) can help reduce startup time for authentication-heavy applications by compiling applications directly into machine code, making APIs more responsive.<\/li>\n\n\n\n<li><strong>Enhanced Security Features<\/strong>: .NET 8 introduces better <strong>default configurations<\/strong> for secure JWT token handling and improvements in <strong>token lifetimes<\/strong> for enhanced API security.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Learning Objectives 1. Authentication with JWT What is JWT? JWT (JSON Web Token) is a compact, URL-safe token format used to securely transmit information between parties. In the context of APIs, JWTs are commonly used for authentication by creating a token that users receive after successfully logging in. They include user information (claims) and are [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[79],"tags":[],"class_list":["post-2000","post","type-post","status-publish","format-standard","hentry","category-dotnet-8","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Authentication and Authorization - Code Notebook<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/\" \/>\n<meta property=\"og:locale\" content=\"he_IL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Authentication and Authorization - Code Notebook\" \/>\n<meta property=\"og:description\" content=\"Learning Objectives 1. Authentication with JWT What is JWT? JWT (JSON Web Token) is a compact, URL-safe token format used to securely transmit information between parties. In the context of APIs, JWTs are commonly used for authentication by creating a token that users receive after successfully logging in. They include user information (claims) and are [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/\" \/>\n<meta property=\"og:site_name\" content=\"Code Notebook\" \/>\n<meta property=\"article:published_time\" content=\"2024-11-01T12:35:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-01T12:41:46+00:00\" \/>\n<meta name=\"author\" content=\"kerendanino\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u05e0\u05db\u05ea\u05d1 \u05e2\u05dc \u05d9\u05d3\" \/>\n\t<meta name=\"twitter:data1\" content=\"kerendanino\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u05d6\u05de\u05df \u05e7\u05e8\u05d9\u05d0\u05d4 \u05de\u05d5\u05e2\u05e8\u05da\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 \u05d3\u05e7\u05d5\u05ea\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/authentication-and-authorization\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/authentication-and-authorization\\\/\"},\"author\":{\"name\":\"kerendanino\",\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/#\\\/schema\\\/person\\\/195dfc625818eadda7903d456890e24c\"},\"headline\":\"Authentication and Authorization\",\"datePublished\":\"2024-11-01T12:35:54+00:00\",\"dateModified\":\"2024-11-01T12:41:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/authentication-and-authorization\\\/\"},\"wordCount\":665,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/#organization\"},\"articleSection\":[\"Dotnet 8\"],\"inLanguage\":\"he-IL\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/authentication-and-authorization\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/authentication-and-authorization\\\/\",\"url\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/authentication-and-authorization\\\/\",\"name\":\"Authentication and Authorization - Code Notebook\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/#website\"},\"datePublished\":\"2024-11-01T12:35:54+00:00\",\"dateModified\":\"2024-11-01T12:41:46+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/authentication-and-authorization\\\/#breadcrumb\"},\"inLanguage\":\"he-IL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/authentication-and-authorization\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/authentication-and-authorization\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Authentication and Authorization\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/#website\",\"url\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/\",\"name\":\"Code Notebook\",\"description\":\"Easy coding\",\"publisher\":{\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"he-IL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/#organization\",\"name\":\"Code Notebook\",\"url\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"he-IL\",\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/logo-epic-marketing-05.png\",\"contentUrl\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/logo-epic-marketing-05.png\",\"width\":3626,\"height\":1942,\"caption\":\"Code Notebook\"},\"image\":{\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/#\\\/schema\\\/person\\\/195dfc625818eadda7903d456890e24c\",\"name\":\"kerendanino\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"he-IL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/285cc9389c66aa46da1e26a474b1e90e9efaf3fa21f1b928cbd63ce5f0e89c63?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/285cc9389c66aa46da1e26a474b1e90e9efaf3fa21f1b928cbd63ce5f0e89c63?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/285cc9389c66aa46da1e26a474b1e90e9efaf3fa21f1b928cbd63ce5f0e89c63?s=96&d=mm&r=g\",\"caption\":\"kerendanino\"},\"url\":\"https:\\\/\\\/epicmarketing.co.il\\\/notebook\\\/author\\\/kerendanino\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Authentication and Authorization - Code Notebook","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/","og_locale":"he_IL","og_type":"article","og_title":"Authentication and Authorization - Code Notebook","og_description":"Learning Objectives 1. Authentication with JWT What is JWT? JWT (JSON Web Token) is a compact, URL-safe token format used to securely transmit information between parties. In the context of APIs, JWTs are commonly used for authentication by creating a token that users receive after successfully logging in. They include user information (claims) and are [&hellip;]","og_url":"https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/","og_site_name":"Code Notebook","article_published_time":"2024-11-01T12:35:54+00:00","article_modified_time":"2024-11-01T12:41:46+00:00","author":"kerendanino","twitter_card":"summary_large_image","twitter_misc":{"\u05e0\u05db\u05ea\u05d1 \u05e2\u05dc \u05d9\u05d3":"kerendanino","\u05d6\u05de\u05df \u05e7\u05e8\u05d9\u05d0\u05d4 \u05de\u05d5\u05e2\u05e8\u05da":"4 \u05d3\u05e7\u05d5\u05ea"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/#article","isPartOf":{"@id":"https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/"},"author":{"name":"kerendanino","@id":"https:\/\/epicmarketing.co.il\/notebook\/#\/schema\/person\/195dfc625818eadda7903d456890e24c"},"headline":"Authentication and Authorization","datePublished":"2024-11-01T12:35:54+00:00","dateModified":"2024-11-01T12:41:46+00:00","mainEntityOfPage":{"@id":"https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/"},"wordCount":665,"commentCount":0,"publisher":{"@id":"https:\/\/epicmarketing.co.il\/notebook\/#organization"},"articleSection":["Dotnet 8"],"inLanguage":"he-IL","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/","url":"https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/","name":"Authentication and Authorization - Code Notebook","isPartOf":{"@id":"https:\/\/epicmarketing.co.il\/notebook\/#website"},"datePublished":"2024-11-01T12:35:54+00:00","dateModified":"2024-11-01T12:41:46+00:00","breadcrumb":{"@id":"https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/#breadcrumb"},"inLanguage":"he-IL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/epicmarketing.co.il\/notebook\/authentication-and-authorization\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/epicmarketing.co.il\/notebook\/"},{"@type":"ListItem","position":2,"name":"Authentication and Authorization"}]},{"@type":"WebSite","@id":"https:\/\/epicmarketing.co.il\/notebook\/#website","url":"https:\/\/epicmarketing.co.il\/notebook\/","name":"Code Notebook","description":"Easy coding","publisher":{"@id":"https:\/\/epicmarketing.co.il\/notebook\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/epicmarketing.co.il\/notebook\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"he-IL"},{"@type":"Organization","@id":"https:\/\/epicmarketing.co.il\/notebook\/#organization","name":"Code Notebook","url":"https:\/\/epicmarketing.co.il\/notebook\/","logo":{"@type":"ImageObject","inLanguage":"he-IL","@id":"https:\/\/epicmarketing.co.il\/notebook\/#\/schema\/logo\/image\/","url":"https:\/\/epicmarketing.co.il\/notebook\/wp-content\/uploads\/2023\/07\/logo-epic-marketing-05.png","contentUrl":"https:\/\/epicmarketing.co.il\/notebook\/wp-content\/uploads\/2023\/07\/logo-epic-marketing-05.png","width":3626,"height":1942,"caption":"Code Notebook"},"image":{"@id":"https:\/\/epicmarketing.co.il\/notebook\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/epicmarketing.co.il\/notebook\/#\/schema\/person\/195dfc625818eadda7903d456890e24c","name":"kerendanino","image":{"@type":"ImageObject","inLanguage":"he-IL","@id":"https:\/\/secure.gravatar.com\/avatar\/285cc9389c66aa46da1e26a474b1e90e9efaf3fa21f1b928cbd63ce5f0e89c63?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/285cc9389c66aa46da1e26a474b1e90e9efaf3fa21f1b928cbd63ce5f0e89c63?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/285cc9389c66aa46da1e26a474b1e90e9efaf3fa21f1b928cbd63ce5f0e89c63?s=96&d=mm&r=g","caption":"kerendanino"},"url":"https:\/\/epicmarketing.co.il\/notebook\/author\/kerendanino\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/epicmarketing.co.il\/notebook\/wp-json\/wp\/v2\/posts\/2000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/epicmarketing.co.il\/notebook\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/epicmarketing.co.il\/notebook\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/epicmarketing.co.il\/notebook\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/epicmarketing.co.il\/notebook\/wp-json\/wp\/v2\/comments?post=2000"}],"version-history":[{"count":2,"href":"https:\/\/epicmarketing.co.il\/notebook\/wp-json\/wp\/v2\/posts\/2000\/revisions"}],"predecessor-version":[{"id":2005,"href":"https:\/\/epicmarketing.co.il\/notebook\/wp-json\/wp\/v2\/posts\/2000\/revisions\/2005"}],"wp:attachment":[{"href":"https:\/\/epicmarketing.co.il\/notebook\/wp-json\/wp\/v2\/media?parent=2000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/epicmarketing.co.il\/notebook\/wp-json\/wp\/v2\/categories?post=2000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/epicmarketing.co.il\/notebook\/wp-json\/wp\/v2\/tags?post=2000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}