Bummer! This is just a preview. You need to be signed in with a Basic account to view the entire video.
Welcome5:52 with James Churchill
Let's start with an overview of why we need authentication, an introduction to the ASP.NET Identity authentication system, and what you'll learn in this course.
Microsoft's official website for the ASP.NET Identity authentication system is available at https://www.asp.net/identity. There you can find additional information about the framework include a series of walkthroughs.
Adding Authentication to an ASP.NET Web API Application
For more information about how to use ASP.NET Identity with an ASP.NET Web API application, see the following walkthroughs:
- Secure a Web API with Individual Accounts and Local Login in ASP.NET Web API 2.2
- External Authentication Services with ASP.NET Web API
To get the most from this course, you should feel comfortable with C#, ASP.NET MVC, Visual Studio, and the basics of Entity Framework. For more information about those topics, check out these Treehouse courses and workshops:
- C# Basics
- C# Objects
- Intermediate C#
- ASP.NET MVC Basics
- ASP.NET MVC Forms
- Introduction to Visual Studio
- Entity Framework Basics
- Entity Framework Migrations
Security Related Content at Treehouse
For a complete list of other security related content at Treehouse, see the "Security" topic in our library:
[MUSIC] 0:00 [SOUND] Hi, my name is James. 0:09 In earlier Treehouse content, 0:10 we saw how ASP.NET can be used to create web-based, data driven applications. 0:12 These applications contain pages that allowed users to view, 0:18 create, update and delete records. 0:23 While working with those examples our application had only one user, ourself. 0:25 If we were to give our friends access to our application, 0:31 say by publishing it online, we'd immediately run into a big problem. 0:35 Other users could create new records, but our application wouldn't be able to 0:39 distinguish which records were created by which users. 0:44 This is probably not what users would expect. 0:48 By default, most users would expect that they'd only be able to view and 0:51 modify their own data. 0:55 To resolve this issue, we need to add a feature to our application, 0:57 User Authentication. 1:01 User Authentication gives us a way to identify our users. 1:03 Once we know the identify of our users, we can associate specific data 1:07 with specific users and track what they do within our application. 1:12 We can also control what they can and 1:17 cannot do in our application based on their identity. 1:19 This is known as authorization. 1:22 To implement user authentication and authorization ASAP.net application, 1:25 we can leverage the ASAP.NET Identity Authentication System. 1:30 ASP.NET Identity is an open source project developed by Microsoft that's compatible 1:35 with a variety of web frameworks including an ASP.NET MVC and Web API. 1:41 Identity also supports a variety of authentication providers including local 1:47 user accounts, third party providers such as Google, Facebook, Twitter or GitHub. 1:51 Or even enterprise providers like Microsoft´s own Active Directory. 1:58 Identity is also highly customizable. 2:02 For example, you can customize the user profile data schema, or 2:05 control how data is persisted. 2:09 And lastly, Identity supports unit testing. 2:12 Since you don´t have to sacrifice the testability of your code 2:15 in order to leverage its features. 2:19 As we learn about ASP.NET Identity, we'll add user authentication to 2:22 an existing ASP.NET MVC application, the Fitness Frog web app. 2:26 Fitness Frog allows users to track exercise activities using their a desktop 2:31 or a mobile web browser. 2:36 After installing Identity into the existing Fitness Frog project, 2:38 we'll add a user registration page that will allow users to create an account. 2:42 Then we'll add support for users to sign in and sign out. 2:47 And when users are signed in, 2:51 we'll update the web app to display the user's identity. 2:53 As you update the Fitness Frog web app, you'll learn how to leverage 2:57 user authentication to secure an application and protect your user's data. 3:01 You'll implement cookie-based authentication, and 3:05 see how to support user registration and sign-in/sign-out. 3:09 You'll also learn how to restrict anonymous access 3:14 to part of an application. 3:17 Use SSL to secure communication between the client and server and 3:19 prevent a common security attack vector known as CSRF or 3:25 cross site request forgery. 3:29 We'll be covering a lot of ground in this course, but 3:32 we wont have time to cover every aspect of the ASP.NET Identity system. 3:34 We won't be reviewing the code that visual studio adds to an ASP.NET application 3:39 when generating a new project with user authentication enabled. 3:45 While visual studios ASP.NET project templates make it easy 3:49 to create a new project that includes ASP.NET Identity, 3:53 we're going to take the approach of adding Identity to our project, step by step. 3:57 This will help you to understand how each of the individual pieces come together 4:03 to provide a complete authentication solution. 4:07 And while ASP.NET Identity is compatible with Web API, 4:10 we'll be focusing on ASP.NET MVC. 4:14 See the teachers notes for resources that can help 4:18 get you up to speed with Identity and the ASP.NET Web API framework. 4:21 We also won't be covering how to leverage user authorization 4:26 including working with user roles or claims. 4:30 Or how to restrict access to part of a web application based upon a user's roles or 4:34 claims. 4:39 User authorization will be covered in future Treehouse content. 4:40 I'm going to assume that you're already familiar with the basics of ASP.NET MVC, 4:44 Entity Framework, and Visual Studio. 4:49 If you're unfamiliar with any of those topics or you need a refresher, 4:52 check the teachers notes for a list of Treehouse resources that can help. 4:56 You might also find it helpful to check out our other security related content 5:00 here at Treehouse. 5:04 See the teacher's notes for a list of our available resources. 5:06 In this course, I'll provide some of my instruction as written texts. 5:10 This text based instruction will let you work at your own pace 5:14 through the step by step directions I will give you in this course. 5:18 Text-based instruction also makes it easier to reference code snippets 5:21 as you follow along. 5:26 And it's easy to scan through text-based instruction when you need to look 5:28 up something. 5:31 To get the most from this course, 5:33 I would encourage you to follow along with each step. 5:35 Write the code yourself as I'm writing it, or just after. 5:38 Doing this will help you to learn and 5:42 retain the material presented in the course. 5:44 Ready to get started? 5:47 Let's start with a look at how authentication works. 5:49
You need to sign up for Treehouse in order to download course files.Sign up