locked
Generating API token randomly RRS feed

  • Question

  • User-1995752111 posted

    Hi,

    can anybody help me how to randomly generate a token for certain user to be allowed to use the API? And than every time the user tries to use the API he/she should use this token and be validated on API side if the sent token is the one I generated to him/her.

    Thank you!

    Thursday, June 14, 2018 7:07 PM

All replies

  • User475983607 posted

    Hi,

    can anybody help me how to randomly generate a token for certain user to be allowed to use the API? And than every time the user tries to use the API he/she should use this token and be validated on API side if the sent token is the one I generated to him/her.

    Thank you!

    This question is far too open and simplistic to answer accurately.  I think a JWT, JavaSCript Web Token, will solve the problem but you'll need to do a bit of leg work and make sure. 

    https://stackoverflow.com/questions/40281050/jwt-authentication-for-asp-net-web-api?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa

    Thursday, June 14, 2018 7:48 PM
  • User-1995752111 posted

    Thank you! I will try this.

    Will this help, be more precise: I should create a token that can be sent as a response to the client's get request for  a token.

    A client sends http GET token request in order to be able to use the API. After the token is generated on API side, it should be sent as a response to clien'ts get token request.

    Thursday, June 14, 2018 8:57 PM
  • User475983607 posted

    Thank you! I will try this.

    Will this help, be more precise: I should create a token that can be sent as a response to the client's get request for  a token.

    A client sends http GET token request in order to be able to use the API. After the token is generated on API side, it should be sent as a response to clien'ts get token request.

    The question is still too simplistic and vague.  The answer could be a simple "roll your own" token authentication or it could mean using a standard protocol like OAuth and OpenId Connect. 

    My best guess is you are tasked with building token authentication and you're echoing a vague requirement to the community rather than doing a bit of research.

    Below are a few ideas to get you started.

    http://docs.identityserver.io/en/release/

    https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/individual-accounts-in-web-api

    Thursday, June 14, 2018 9:21 PM