C# ASP.NET MVC Authentication - Logging in locally or with OAuth (using Twitter) credentials

Share
Embed
  • Published on Feb 9, 2018
  • Newsletter signup (with exclusive discounts): iamtimcorey.com/general-sign-up (your email will be kept safe and you will not be spammed).
    Twitter App Signup: apps.twitter.com
    Twitter Certificate Fix: stackoverflow.com/questions/25011890/owin-twitter-login-the-remote-certificate-is-invalid-according-to-the-validati
    Setting up an ASP.NET MVC site to allow people to log in is not that hard. In this video, I demonstrate how you can set up a login system for users, how you can upgrade that system to include Twitter authentication (using OAuth), and then how you can lock down your site to only allow certain people access to certain areas. We will create security groups and lock things down even further.

Comments • 231

  • Chris Petraskie
    Chris Petraskie 17 days ago

    Hi! Could you possibly point me in any direction of how I could implement this with discord?

    • IAmTimCorey
      IAmTimCorey  17 days ago

      Sorry, I don't have any experience doing that. I would look at their documentation to see if they allow this and how it would work.

  • Jaspreet Sidhu
    Jaspreet Sidhu 21 day ago

    Hi Tim,Thanks for this video,however i am just curious to know how [Authorize] works behind the scene.How it gets to know the user details and token and authorize the user..
    It would really be helpful if you could provide me any pointers .

    • IAmTimCorey
      IAmTimCorey  20 days ago

      It uses the header token and converts that over to identify the user. From there, it figures out if you have access privileges or not.

  • DamagedSoul BrokenHeart

    Learned alot from this thanks !

  • See for Codes
    See for Codes 23 days ago

    Sir please upload a series of identity framework from scratch with user customisation..
    Please sir

    • IAmTimCorey
      IAmTimCorey  23 days ago

      I am using authorization in the TimCo Retail Manager series. That will include customization and authorization.

  • Micah hoffmann
    Micah hoffmann 26 days ago

    How do you handle managing Startup.Auth.cs in Git? You don't want to be sharing your keys?!

    • Micah hoffmann
      Micah hoffmann 22 days ago

      @IAmTimCorey Great thank you Tim.

    • IAmTimCorey
      IAmTimCorey  23 days ago

      You mean if we enable Twitter/Facebook/etc. authentication and had secret keys? We would not store them here in a production app. Instead, we could store them in our web.Release.config file and not check that file into source control. That would be if we are doing the publish from our local machine. Another option is to store those values in a config file on our deployment server and then do a config merge on deployment. We could also store them in Azure Key Vault and pull from there directly. That's the recommended practice for .NET Core web apps.

  • Gaming Hub
    Gaming Hub 27 days ago

    is this also a Oauth2.0 ? or it only applies in asp web api ?

  • Richie Edwards
    Richie Edwards 29 days ago

    How do you go about restricting the data seen on a page based on the logged in user? Example, user1 should see items a, b, c on the page and user2 should see items d, e, f

    • IAmTimCorey
      IAmTimCorey  29 days ago

      You do that in the queries based upon the UserId of the logged in user. We will be doing that shortly in the TimCo Retail Manager Series.

  • G-tronics
    G-tronics Month ago

    馃憣really simple as 123

    • G-tronics
      G-tronics Month ago

      Yeah man i think after 3 months i will join your courses. My problem right now my Bank account is suspended for some reason. Because i am new to mvc i dnt wanna keep asking. I have projects i am building already doing trial and error but i just want to be an expert in web development like you馃槉. Now i am struggling with creating responsive sidebar navigation (which can open and close ) with mvc. I searched the net it seems one of the abandoned topics.

    • IAmTimCorey
      IAmTimCorey  Month ago +1

      Glad you found it simple.

  • Craig H
    Craig H Month ago +1

    Thanks for making these tutorials! Fantastic content

  • Mohamed Abd Elrahman

    WOW , really very good explaination

  • Ares Dragoj
    Ares Dragoj Month ago +1

    Upon creating the twitter app
    Website URL accepts neither localhost nor 127.0.0.1

    • IAmTimCorey
      IAmTimCorey  Month ago +2

      Twitter has changed things around since this video. It looks like they really want a public URL. You can use localtest.me as the solution for non-production apps: readme.localtest.me/ There are also some other suggestions in the comments as well.

  • tonyfearn
    tonyfearn 2 months ago

    Hi Tim, great tutorial. I followed it to learn the way authentication works in .net, but I have been trying to locate where the register details are saved to the database. I indent to create a similar project but do not want the local DB. I want to create a code first app with a user model to create the DB table. Could you point me in the right direction, or do I need to go about it in a different way?

    • IAmTimCorey
      IAmTimCorey  2 months ago +1

      Not sure what you mean by register details. The user information is stored in the AspNetUsers table. Personally, I don't mess with that table though. Instead, I add a separate database and put my data there. That keeps the authentication system separate from the data (easier to keep logins separate for the two plus easier for other security reasons). If you look at how I did it for the TimCo Retail Manager series, you will see me set up the two and then "link" them by using the userId from the authentication system to identify the user in the other database.

  • ryotgr
    ryotgr 2 months ago +1

    Hi Tim, followed your guide verbatim and after setting up Twitter, (on localhost), am getting a gnarly "Response status code does not indicate success: 403 (Forbidden)." A lot of reading says it may relate to callback urls, but I tried a dozen and am not sure what else to try. I used the same steps in the guide, nothing different! Anyone else have this issue?

    • Micah hoffmann
      Micah hoffmann 26 days ago

      @Jason Uronis this is my solution, which is weird because twitter tells you to use 127.0.0.1

    • Jason Uronis
      Jason Uronis 2 months ago +1

      @ryotgr I ran into this today myself...in apps.twitter.com your callback URL should be localhost:[your port number]/signin-twitter

    • IAmTimCorey
      IAmTimCorey  2 months ago

      Twitter has changed things around since this video. It looks like they really want a public URL. You can use localtest.me as the solution for non-production apps: readme.localtest.me/

    • ryotgr
      ryotgr 2 months ago

      Also you are not able to put local host or 127.0.0.1 in the "website" field displayed @31.49 in the guide. If you do this it says it is not a valid website. So I put a random url since it is just running on my machine. For the callback url I tried a littany of things starting with 127.0.0.1 or localhost with /twittersignin or /signintwitter variants based on stackoverflows - but nothing is making the 403 go away.

    • ryotgr
      ryotgr 2 months ago

      Also on the latest Twitter developer apps page there doesn't seem to be any longer the "enable/disable callback locking" that was in this demo. It doesn't show up anymore so I don't know if that is a problem -> developer.twitter.com/en/apps

  • tired old programmer
    tired old programmer 2 months ago

    I am playing with VS 2019 and tried to create authentication for my web site. Unfortunately, your video (very good by the way) only deals with VS 2017. It would seem that VS 2019 has buried everything. Ideas where to look? or are you going to create a new/revised video for VS 2019.

    • Joe Mieszczur
      Joe Mieszczur Month ago

      Also throwing this out there: I had an issue when following these videos I couldn't find some of the project templates. Little did I notice: I was using .Net Framework 4 as the default option. Seems VS added some updates to some of the UI elements since this video. once set to the same version used in the video series @ 3:45 you can see its 4.6.1... all the templates are right there. Not sure if this is your same issue.

    • IAmTimCorey
      IAmTimCorey  2 months ago +1

      VS 2019 has the same templates as VS 2017. How you create them will be a bit different but it should work the same way. If you create an ASP.NET Core version then things will be different. In my Getting Started with .NET Core course, I covered what ASP.NET Core looks like and how to work with it.

  • MegasXLR
    MegasXLR 3 months ago

    Hello, I get "Response status code does not indicate success: 401 (Authorization Required)." when I click on the Twitter login button. Both sites in the apps.twitter.com app are real websites. What could be the problem? Also, do you have a tutorial on enabling email verification by using the built-in things that MVC makes for us. I know there are Email & SMS verifications but not sure how to use them after a person has registered.

    • IAmTimCorey
      IAmTimCorey  3 months ago

      This thread might help (there are a lot of possible reasons for a 401): twittercommunity.com/t/error-401-unauthorized/367
      As for configuring email and SMS verification, not yet I don't.

  • MegasXLR
    MegasXLR 3 months ago

    "I'm not sure why I'm a 'We' today" XD

    • IAmTimCorey
      IAmTimCorey  3 months ago

      Every once in a while my royalty slips out.

  • Antonio Comique
    Antonio Comique 3 months ago

    Hi, can I use this login technique with google, and after the user login to google, I need to use the credential to list the user's projects from the google cloud? thank you.. :)

    • Antonio Comique
      Antonio Comique 3 months ago

      @IAmTimCorey Thank you Tim.

    • IAmTimCorey
      IAmTimCorey  3 months ago

      That's not really what this is doing. That would be working with the Google API.

  • bryan smith
    bryan smith 3 months ago

    How do you forward the user login information to an external SQL database?

    • IAmTimCorey
      IAmTimCorey  3 months ago

      Not sure I'm following. You can use any database for your authentication DB. Just change the connection string to point to a remote database and you are all set.

  • ghizlane khattari
    ghizlane khattari 3 months ago

    I like your effort thank you
    Please if you have any cours of MVc share with us coz i have once project i choice MVC coz i think is vert performent really?

    • IAmTimCorey
      IAmTimCorey  3 months ago

      I have an add-on course for my C# Application from Start to Finish course that just replaces the WinForms user interface with ASP.NET MVC: www.iamtimcorey.com/p/tournament-tracker-add-on-asp-net-mvc-user-interface

  • hq cart
    hq cart 3 months ago

    Hello tim, Awesome tutorial, Thank you.
    I have a question about cookies and how to set its expiration date?

    • IAmTimCorey
      IAmTimCorey  3 months ago

      I believe this should help: stackoverflow.com/questions/33701398/oauth2-webapi-token-expiration

  • Faraz Siddique
    Faraz Siddique 3 months ago

    basically my database is show in server explorer, is it any problem if i used that database?

    • IAmTimCorey
      IAmTimCorey  3 months ago

      Not for development, no. You might want to look at a full SQL database when you go to production though.

  • Alexander Her
    Alexander Her 3 months ago

    the password is salted before hashed

  • CHUMA FONSECA
    CHUMA FONSECA 4 months ago

    This is only if u can't see the DB in localDB, do this, register a new user and that's it kkkkk

    • IAmTimCorey
      IAmTimCorey  4 months ago

      Yep. You can also manually trigger a database update in EF but I find that to be more difficult than just registering a user.

  • Demir 脟elebi
    Demir 脟elebi 4 months ago +2

    I wish someone to explain Authentication middleware in detail. What is Authenticaion Type? How does it work regarding cookie based authentication ?

    • Demir 脟elebi
      Demir 脟elebi 4 months ago +1

      @IAmTimCoreyThanks for your attention Tim. I'd be so thankfull to you if you take your time to pick up on it. I have really had a hard times to understand how this middleware and its properties behave after each request.

    • IAmTimCorey
      IAmTimCorey  4 months ago +2

      Sounds like a good in-depth video. I'll add it to the suggestion list.

  • Claus Eksing
    Claus Eksing 4 months ago

    Hi Tim - Great Introduction

  • Mike Munoz
    Mike Munoz 5 months ago +1

    Great stuff...

  • Amerco
    Amerco 5 months ago +1

    Great video
    Can you make. Video about how to add the standard login to an existing mvc projekt and define grouped roles/users.

    • IAmTimCorey
      IAmTimCorey  5 months ago +1

      That is a messy process. They didn't design it as a modular piece so what you would have to do is create a new project with authentication and then copy the files and modifications into your existing project.

  • Ali Makhmali
    Ali Makhmali 5 months ago

    Great work. I am preparing for Microsoft 70-486 exam. Any hints on what videos are must-watch? And books perhaps? Thanks.

    • IAmTimCorey
      IAmTimCorey  5 months ago

      I don't have any exam-focused content but anything I've done with MVC will help. I do have an add-on course that uses ASP.NET MVC at www.iamtimcorey.com that might help you out. It is an add-on to the main C# Application from Start to Finish course, though, so the add-on only covers MVC, not the business logic or data access since they are already covered in the previous course.

  • Sa nG
    Sa nG 6 months ago

    My company has Web/WPF/Mobile applications and we are planning to implement Oauth 2.0 (Okta) authentication. I see lot of examples on how to implement oauth on web and mobile applications but I do not find any examples/tutorials on implementing oauth on WPF applications. Can you suggest something for WPF application ?

    • IAmTimCorey
      IAmTimCorey  6 months ago

      I don't have any resources for that yet, but I'm planning on hooking up a WPF app to a WebAPI that has authentication on it in my TimCo Retail Manager course that I'm releasing on TheXvid. It just isn't that far along yet.

  • Martin Goodrich
    Martin Goodrich 6 months ago

    A most enjoyable tutorial. Thank you very much. Is there a possibility that you could do a similar tutorial for authentication with Microsoft Office365?

    • IAmTimCorey
      IAmTimCorey  6 months ago

      I will add it to the list. Thanks for the suggestion.

  • Ayman Mohamed
    Ayman Mohamed 6 months ago +1

    Another awesome tutorial, thank you so much for your efforts Mr.Tim :)

  • Bluer Gost
    Bluer Gost 6 months ago

    I saw lot of video but every one of them just cover the same topics and this one was no difference. I wish someone would cover the advance things rather than saying there are lot of things that could be done.

    • Bluer Gost
      Bluer Gost 6 months ago

      I will be looking forward to it and hope it covers the professional practices of building a software using ASP MVC. Good luck to you :)

    • IAmTimCorey
      IAmTimCorey  6 months ago +1

      There is only so much an intro can cover without being an entire course. However, stay tuned as I'll be setting up a WebAPI project with authentication for my upcoming course here on TheXvid (launching this Monday). That will go into practical use for authentication (permission levels, passing credentials, using tokens, etc.)

  • yogesh vaidya
    yogesh vaidya 6 months ago

    its too long but very useful and informative tutorial ,yo did just simply grate works , i request you to give email verification tutorial ,
    thanks

  • Karl Essinger
    Karl Essinger 7 months ago

    Hey, it seems if I add the authentication system when making a webapi based project there is no register or login button on the sample page. Is there some guide on how to use it with a webapi project?

    • Eng.Mohammed Salah
      Eng.Mohammed Salah 6 months ago

      @Michael Eichner
      Login over APi: u just send username &password inside header as ajax calling by jquery or angular
      then server side as api check the user and password and then create something called acccessToken some encrypted string saved inside database with expired dateTime and sent back to user to say hey u are login success and client side sent this access token inside header with every request to server and server take this accessToken and search it inside db and know that its not expired and user is login and so on ....

    • Michael Eichner
      Michael Eichner 7 months ago

      IAmTimCorey Karl has hit on a question that鈥檚 been puzzling me. How does the front end whether it鈥檚 using ASP.NET MVC or a JavaScript front end pass that login token in the API Call? How does the backend know that the front end has logged in?
      Thanks

    • IAmTimCorey
      IAmTimCorey  7 months ago

      WebAPI is trickier because there isn't a focus on the UI (because it is about the API calls). You will need to create your own front-end and then use the token with all future API calls.

  • joseph quesada
    joseph quesada 7 months ago

    Thank you so much!! You explained it amazing

  • Aranan Eyie
    Aranan Eyie 7 months ago

    Hi @IAmTimCorey, I notice that once we get into twitter signup page, it asks us to have/create a developer account? Did you have to do that too or is this a new step that Twitter has just created since your video was published early this year. Thanks.

    • IAmTimCorey
      IAmTimCorey  7 months ago +1

      Not sure but if Twitter says you have to do it, go for it. It is probably just a conversion of your existing account to allow for more features.

  • COMMANDER
    COMMANDER 7 months ago +1

    hi please add 2factor method to your list too ,that would be helpful

    • IAmTimCorey
      IAmTimCorey  7 months ago +1

      I'll see what I can do. Thanks for the suggestion.

  • Gareth Doherty
    Gareth Doherty 7 months ago

    Because of your 'Connecting to SQL video' I am a Dapper convert and never want to touch EF. Is this the only instance on which you would have EF installed into your app? Are there no other MVC type authentications which don't involve EF?

    • Gareth Doherty
      Gareth Doherty 7 months ago

      @IAmTimCorey Thanks Tim.

    • IAmTimCorey
      IAmTimCorey  7 months ago +1

      Pretty much this is the only place I use EF. As for authentication systems that don't use EF, not that I have found that aren't also very complicated.

  • mudit mathur
    mudit mathur 7 months ago

    Can you make a video about authentication without using Identity

    • mudit mathur
      mudit mathur 7 months ago

      How about using OWIN authentication with oauth as identity looks too complex to me

    • IAmTimCorey
      IAmTimCorey  7 months ago

      That's a slippery slope. Are you anticipating home-grown authentication?

  • Ant贸nio A
    Ant贸nio A 7 months ago

    I'm having this error when trying to access twitter login: "No connection could be made because the target machine actively refused it". Already tried the SSL=True and looked for answers online found nothing relevant...

    • IAmTimCorey
      IAmTimCorey  7 months ago

      Maybe try the localhost IP address (127.0.0.1)

    • Ant贸nio A
      Ant贸nio A 7 months ago

      @IAmTimCorey Nice video tho :)

    • Ant贸nio A
      Ant贸nio A 7 months ago

      @IAmTimCorey I guess that is it and I tried several ways: localhost, localhost:(whatever my port is), localhost:port/signin-twitter, none worked

    • IAmTimCorey
      IAmTimCorey  7 months ago

      It sounds like your callback URL is incorrect.

  • prince fold
    prince fold 7 months ago

    You didn't do the .Net Core part

    • prince fold
      prince fold 7 months ago

      @IAmTimCorey Okay, Great, Thanks

    • IAmTimCorey
      IAmTimCorey  7 months ago

      .NET Core is coming in a future video. Trying to cover authentication for both MVC and .NET Core in one video just doesn't make sense. They are different enough to be confusing but similar enough to cause problems.

  • Sanjiv Sabeswaran
    Sanjiv Sabeswaran 7 months ago

    wow!! thank you for sharing your knowledge!
    i have experience in c# windows form application development. now i have started also the ASP MVC. This video helped me to increase my knowledge. But i have a problem. i have already developed a mvc project. how can i add this user Authentication in exist project(which is none user Authentication)??

    • IAmTimCorey
      IAmTimCorey  7 months ago

      Hmm, I think there is a way to do this elegantly but I'm not sure how to do it. Maybe create a new demo project with authentication and then transfer the code over.

  • Andrew O'Regan
    Andrew O'Regan 8 months ago

    On the Twitter set up - on the Website URL all i get is 'Invalid website url'
    I have tried 127.0.0.1/ and 127.0.0.1:8080/ and 127.0.0.1:53243/
    but not getting any nearer - any ideas

    • IAmTimCorey
      IAmTimCorey  7 months ago +1

      You could try https. If that does not work, try a URL shortener (like bit.ly) to shorten your url (with the port number) and use the resulting bit.ly link.

  • WantOxide
    WantOxide 8 months ago

    For anyone watching: The first 35 minutes of the video could be resumed in 5 minutes.

  • WantOxide
    WantOxide 8 months ago

    I will explain you how it works > 19:00 by large you can leave this as it is and just works
    Wow, awesome explanation

  • Moroccan Jockey
    Moroccan Jockey 8 months ago

    How would one use authorization in say, a wpf application? Is that possible?

    • IAmTimCorey
      IAmTimCorey  8 months ago

      Yes it is. With authorization, typically you get a token that you then put in the header of all future calls to indicate who you are. You would just store that token and send it on any API call you make from your WPF application (or JavaScript application or Console app, etc.) I'll be doing a video on that in the future.

  • Max Bertram
    Max Bertram 8 months ago +1

    Hey Tim, I really appreciate your tutorial! Nevertheless since Twitter changed to developer.twitter.com I fail to login to Twitter. Could you maybe give some update on that? To be more precise I get an error 403 (Forbidden) after clicking the Twitter button. As far as I investigated there is some issue with the Callback URL, which I have to use when I create a new app at developer.twitter.com.

    • Eremia Laurentiu
      Eremia Laurentiu 3 months ago

      @IAmTimCorey I have the same issue as him, searched on the internet and nothing found yet

    • IAmTimCorey
      IAmTimCorey  8 months ago

      There are a number of reasons you might get a 403 error. You might be using http instead of https. Your callback URL might be incorrect. Try using 127.0.0.1 for your callback. You can also Google your specific error code to see what answers come back.

  • Joe Beauchamp
    Joe Beauchamp 8 months ago

    Tim, would it be possible to use Dapper to connect to SQL Azure in this scenario? I assume it would be possible, just wondering if it would be a good way to go. Any Dapper related videos planned?

    • IAmTimCorey
      IAmTimCorey  8 months ago

      Yes, Dapper can connect to SQL Azure. You just need to change the connection string. Everything else is the same compared to on-premises SQL. As for more Dapper videos, yep, they are coming.

  • Dave Simon
    Dave Simon 9 months ago +1

    Gone are the days where one could download a shareware copy of Hotdog HTML editor and publish a site with having just a few files. (Which IMO, is a good thing. I feel the internet became convoluted with junk because people could just keep adding trash to the pile not having any technical skill or understanding what's going on under the hood.)
    Great video!

  • choi soohyun
    choi soohyun 9 months ago

    it's a super easy tutorial ever..! I love this tut!@ haha Thanks.

  • R茅mi Duplan
    R茅mi Duplan 10 months ago

    I don't have Auth.starup.cs neither identityConfig.cs . And when I create the project (choosing asp.net mvc, with authentification set to individual user account), it dosen`t install all the newget package related to owin.security.facebook etc ... and some other. Why ? how can I get this ? I really need these file in my app_start. I arrived on you video after a day of search where i saw everywhere that these files are taken for granted at the creation of the project.... thank you to give a clue about this please.

    • R茅mi Duplan
      R茅mi Duplan 10 months ago

      Hi Tim ! how are you ? thank you for your very fast reply :) . I have founded this morning. Yes you were close. it is effectivly at the moment where you decide what kind of project that my problem occured. In fact i was effectivly setting up the authentication to individual account. but as i did that before everything(before determining if I want an mcv/webapi and so on ... ) visual studio set back the authentication to none .... I just changed my habits about the order I was setting my project (stuff I usually do eyes closed) ... so when i saw the files I was looking for this morning I was pretty stunned. (the 'what did i do right, this time ?'' situation ;) ). Thank you. Have a good day.

    • IAmTimCorey
      IAmTimCorey  10 months ago

      Did you set up a MVC Core application instead of a full .NET project? That may be the issue.

  • Kitty Technologies
    Kitty Technologies 11 months ago +2

    Great video. Can expand it include user and role management via a webpage.

    • Okku Toivola
      Okku Toivola 11 months ago +1

      I'd like to see that too!

    • IAmTimCorey
      IAmTimCorey  11 months ago +2

      I'll be covering this in future videos. Thanks for the suggestion.

  • Paul Anthony
    Paul Anthony 11 months ago

    Hi Tim, this is great. Would love to see an example of impersonation following on from this video. i.e. login as an admin (with admin roles) and then impersonate a user already registered in the system to see their data. Or indeed any pointers on which classes etc. to read around to do this.

  • Santhosh Kadambari
    Santhosh Kadambari 11 months ago

    I have a requirement where I should develop an ASP.NET MVC application without a user database. The users should be authenticated by another website (developed by us only, but hosted in different server). This other website has a RESTwebapi login service. And the same application should also have WEB APIs which should be consumed by a client. So, we should provide authentication for those clients as well. Can you suggest a best approach to perform authentication and authorization? Thank you.

    • Dave Simon
      Dave Simon 9 months ago

      @Santhosh Kadambari
      Check Upwork or another consulting site. You can hire people to write code that you don't have the ability to yourself.

    • IAmTimCorey
      IAmTimCorey  11 months ago +2

      That makes sense. As far as contacting me for further help, I don't offer free design support. I do offer a limited amount of consulting hours per month, but those are already booked for the next couple months and the pay rate is quite high.

    • Santhosh Kadambari
      Santhosh Kadambari 11 months ago

      Thank you for the reply. I implemented a login screen in my new MVC app which will take the user credentials and pass on to the login API of the enterprise server to get the access token. That means, the user is authenticated by the enterprise server. I then saved the token in the session and used Authentication Attribute which is decorated to each controller to check if token exists in the session or not. If token exists, then continue or redirect to login action. I haven't implemented any identity and forms authentication. Please suggest if this approach makes any sense. How would I contact you to discuss more about this? Thank you.

    • IAmTimCorey
      IAmTimCorey  11 months ago

      It is hard to understand the structure based upon your explanation (but it isn't something we can go into more detail on), but if your WebAPI has sensitive data then you need to authenticate the clients. As far as the approach to authentication, that will be tricky because of the split architecture and lack of database for the MVC project. My recommendation is to test out authentication and see what you can get to work.

  • Joe Beauchamp
    Joe Beauchamp Year ago +1

    I am also getting the Forbidden 403 error. Twitter is using SSL and I followed the steps to setup SSL for the project here: docs.microsoft.com/en-us/aspnet/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on#setting-up-ssl-in-the-project Any ideas?

    • Andrew Davison
      Andrew Davison 9 months ago

      In my case, this worked: localhost:7839/signin-twitter (adjust the 7839 to your own port displayed in your url)

    • runorthwest
      runorthwest 10 months ago

      Yes, specifying the port number is a necessity. I wish I could give more up votes so that others see it.

    • BromBrom41
      BromBrom41 11 months ago +1

      try changing your callback url to 127.0.0.1:50060/signin-twitter or localhost:50060/signin-twitter in your twitter app setting.
      [change the port number according to your situation, mine was set 50060 by default as I used built-in IIS express.]

    • IAmTimCorey
      IAmTimCorey  Year ago

      Not sure. It is probably something small. Try looking at the answers from this list. Maybe something will pop out at you: www.bing.com/search?q=c%23+twitter+oauth+403+site%3Astackoverflow.com

  • Trevor Butler
    Trevor Butler Year ago

    any special considerations when it comes to deploy to production and I move the local users from the localhost to the sql server?

    • Trevor Butler
      Trevor Butler Year ago +1

      IAmTimCorey ok perfect.

    • IAmTimCorey
      IAmTimCorey  Year ago

      Not really, no. The biggest thing is to change your connection strings to point to the production SQL server. You can do that during the build process. Your database will be recreated if you point it to a new location so that's not a problem. However, you will need to recreate an admin account.

  • portiseremacunix
    portiseremacunix Year ago

    Liked, subbed and belled. Need info how to setup work account or intranet setting.

    • Trevor Butler
      Trevor Butler Year ago

      I also am interested in setting up auth using Microsoft AD. I know it's a pain in the ass to setup in lab, but I'm hoping if there is enough requests that it would be worth your time.

    • IAmTimCorey
      IAmTimCorey  Year ago

      This one is a bit tougher to demo because you need a network/Active Directory to set it up.

  • kombo kenedy
    kombo kenedy Year ago

    Tims your works alwalys kills me .

  • Grokfyr
    Grokfyr Year ago +1

    If you are the kind of person that say "OMG, it got much stuff installed, i need to remove it all", programming is properly not your thing :D - 9:10

    • IAmTimCorey
      IAmTimCorey  Year ago +1

      Well, the unfortunate part is that some "teachers" tell users that if they see a lot of plug-ins, etc. then something is wrong and they need to stop doing that. It is an over-correction for users who get a plug-in for everything instead of writing any code. The key is context. If you have that many plug-ins because you forgot to code, yes, try to remove them and start over. However, if you have no plug-ins and try to do everything manually yourself, that will take too much time and negates one of the big benefits of programming. Instead, you need to know what your balance is and hit it.

  • Victor Onyebuchi
    Victor Onyebuchi Year ago

    I am getting a Forbidden 403 error when i click the twitter sign-in option, tried both options in the code, still same thing.

    • runorthwest
      runorthwest 10 months ago

      Maybe a little late, reposting another comment
      BromBrom41 :
      try changing your callback url to 127.0.0.1:50060/signin-twitter or localhost:50060/signin-twitter in your twitter app setting. [change the port number according to your situation, mine was set 50060 by default as I used built-in IIS express.]

    • IAmTimCorey
      IAmTimCorey  Year ago

      You will see where to set it up starting at 30:35

    • Mubin Ahmed
      Mubin Ahmed Year ago

      Where is SSL version? I dont know how to find the twitter url in my project

    • Victor Onyebuchi
      Victor Onyebuchi Year ago

      Thanks for relying Tim. Will try this out now.

    • IAmTimCorey
      IAmTimCorey  Year ago +1

      Check to be sure you are using the SSL version of the Twitter URL. If you are, check out the following possibilities: www.bing.com/search?q=c%23%20twitter%20oauth%20403%20site%3Astackoverflow.com&qs=n&form=QBRE&sp=-1&pq=c%23%20twitter%20oauth%20403%20site%3Astackoverflow.com&sc=0-43&sk=&cvid=F69BE62225A74597B2FC2A3A15B02BEA

  • personkiller19960

    Thank you so much. Comprehensive content. Liked, subbed and belled.

    • IAmTimCorey
      IAmTimCorey  Year ago

      Excellent! I'm glad you enjoy the content.

  • Mohamed Monir
    Mohamed Monir Year ago

    i want to know how to custome ASP.NET MVC Authentication how to custome it

    • IAmTimCorey
      IAmTimCorey  Year ago

      That is a more advanced video that will come out at some point.

  • abhinav sengar
    abhinav sengar Year ago

    Nicely explained... Please make a video on other functionalities of identity, e.g email verification before login, reset password, forgot password, Two-Factor Auth.
    Thanks a lot for providing such great contents.

    • IAmTimCorey
      IAmTimCorey  Year ago

      It is on the list. Thanks for the suggestions.

  • Vladimir Milatovic

    Hi I watch all your videos about ASP.Net and it helped me a lot to start with web programing. I am not big fan of web, you never know are you on server or on client side. I know that there is a lot more but it will be nice if you can extent this video to full implementation of authentication. Create user, chose role, add two factor authentication鈥 I made some workaround for all this but I am sure that there is some better way to accomplish that.
    I had to extend RegisterViewModel class with new fields (FirstName, LastName..) Everything work fine but I get problem when I create Edit view. I pass RegisterViewModel object as model into the view. I get all information鈥檚 about user but when I click Save button I don鈥檛 get back UserId in model, I am not using that field on view. I had to put hidden field on view to get UserId. I notice that I don鈥檛 have values for all properties that I didn鈥檛 use in view. Way is that? I pass object with all data and get back .Thanks.

    • Vladimir Milatovic
      Vladimir Milatovic Year ago

      Ok, My mistake. My Jquery was total disaster. Now all work. To get back values to POST throu model, you need to place hiden (or not hiden) element on view and asign to it some value even if you pass in default value. Example: @Html.HiddenFor(m => m.RoleName) I set value for RoleName in controler and in view i put this hiden element. I use dropdown list to select some value and I need to save Id and Text for selected item. For that I use Jquery. Id value is binded to model but Text I need to asing manualy. My mistake was that I didn't check does $("#RoleList") element exist. $("#RoleName").val($("#RoleList").find("option:selected").text());
      My logic was that this code will not have any efect becouse curently I dont have element with id="RoleName". That was mistake. Html.HiddenFor command will create INPUT element with id="Name of property", in my case "RoleName" and my Jquery asign null to that property becouse element RoleList doesn't exist.I hope that this will help someone with similar problem. Thanks.

    • IAmTimCorey
      IAmTimCorey  Year ago

      I am working on a course now that uses full authentication including groups, password reset, etc. That should help clarify things. If you are on the mailing list you will hear more about it soon. As for your issue, I'm not really sure. You are going to have to do some debugging to figure it out.

  • Muhammad Adnan
    Muhammad Adnan Year ago

    registration login password forget and reset make full series on it ?

    • Muhammad Adnan
      Muhammad Adnan Year ago

      world you please create a full eCommerce web with asp.net ?

    • Muhammad Adnan
      Muhammad Adnan Year ago

      thats why i was asking if its exist sir ..... okay waiting

    • IAmTimCorey
      IAmTimCorey  Year ago

      I am working on it now. It is not live yet.

    • Muhammad Adnan
      Muhammad Adnan Year ago

      video link sir or will you upload this ?

    • IAmTimCorey
      IAmTimCorey  Year ago

      I have a series in production right now that will do full authentication with forgot password, reset password, groups, and more.

  • nazar tvm
    nazar tvm Year ago +1

    Please make a video of ASP.NET identity deeply

    • nazar tvm
      nazar tvm Year ago

      IAmTimCorey similar to that but looking deeply and how to manage time out's in that

    • IAmTimCorey
      IAmTimCorey  Year ago +4

      Well, my upcoming course on ASP.NET Core from Start to Finish will cover identity, groups, individual permissions, locking down endpoints for groups, etc. Is that what you are looking for or something else?

  • Ambrose Langat
    Ambrose Langat Year ago

    Hello Tim. Great works there!
    Questions
    (1) Is it possible to to change the database name? How do we do it?
    (2) How do we create ASP.Net identity database in SQL Server?
    Thanks

    • Ambrose Langat
      Ambrose Langat Year ago

      Thank you.

    • IAmTimCorey
      IAmTimCorey  Year ago

      Good question. To change the database name, just change the connection string. If it is a LocalDB, it will create that new database. If it is a SQL database, it will look for that new database but crash if it does not exist yet. As for creating the ASP.NET Identity database in SQL Server, the easiest way is to create an empty database in SQL and point the connection string in C# to it. Then run the application and try to register an account. It will see that the tables do not exist and it will create them.

  • moatasim abdelbaset

    Thanks

  • cool water
    cool water Year ago

    I'm loving this ASP.NET series. Thank you. Request: If you decide to make a lesson about EF, can you do a database first approach? Using Stored Procedures in EF would be nice also. Again Thank you.

    • IAmTimCorey
      IAmTimCorey  Year ago +2

      I doubt I'll be doing an EF video any time soon since I'm really not a fan of EF (check out my video on connecting C# to SQL) but I'll keep it in mind.

  • Learner
    Learner Year ago

    Very nice video!!! It would be nice if you cover OAuth token access from the client side to consume this ASP.NET OAuth site.

    • IAmTimCorey
      IAmTimCorey  Year ago

      Absolutely! It is on my list. That was a tough one to get right when I was learning how to set up authentication.