locked
Set session after calling api from Jquery in . net core RRS feed

  • Question

  • User-257070954 posted

    Hi All,

            I am developed one .net core web api in core and developed one core Client application to use this API . I am using Jquery to call to call this api. My question is if my login is success i want to set session from jquery and don't allow to user to see this in browser . How its possible.  ?

    Thursday, July 2, 2020 12:02 PM

All replies

  • User475983607 posted

    Web API is stateless and therefore does not use Session.  Typically, Web API uses a bearer token to identify and authorize a client.   I recommend learning the security option available in Core Web API found in the official reference documentation.  Make sure you set aside the time to read through the items in the left navigation menu. 

    https://docs.microsoft.com/en-us/aspnet/core/security/authentication/?view=aspnetcore-3.1

    https://docs.microsoft.com/en-us/dotnet/architecture/microservices/secure-net-microservices-web-applications/

    Thursday, July 2, 2020 12:45 PM
  • User-257070954 posted

    Hi mgebhard,

                      In my question i am pointing to how we set  session variable  by jquery. That's i want to access in all pages in client application. i don't want to uses cookies etc.I hope you understood my question

    Thursday, July 2, 2020 2:15 PM
  • User-474980206 posted

    As stated, webapi does not support session. You will need to use your own keyed persistent storage. Just use a guid as the key. As also stated if you don’t want to use a cookie for authentication, then you use either basic, or a bearer token. You can store the persistent store key in the bearer token. if you use basic, then just make an api call to get the key, and pass in calls.

    Thursday, July 2, 2020 2:36 PM
  • User-257070954 posted

    Hi bruce.

                 I am talking about client application which i am using  web api

    Thursday, July 2, 2020 3:29 PM
  • User-474980206 posted

    website are stateless. to use a session you pass a key (sessionid if asp.net session). this key must be passed with every request. you decide how:

    1) if browser based you have the option of a cookie, a url parameter, or a form value on a post
    2) if ajax call on page, you have the option of cookie, url parameter, header, or in the payload

    you make the choice. as webapi does not have builtin session support, you can do want you want.

     

    Thursday, July 2, 2020 7:29 PM