locked
Best way to apply tokens (jwt) and in Asp.net WebAPI to validate and authenticate incoming requests? RRS feed

  • Question

  • User1652535239 posted

    Hi all,

    We have created ASP.Net Web API2 using Windows Identity library for Jason Web Token. Please note that we did not create OAuth2 (no middle-ware server for authentications).

    There are different clients (altogether different platform and devices) who are going to consume these services. On every subsequent request they have to pass JWT within header of requests.  

    We have two types of token one is short duration token (expires in an hour) and other one is long duration (expires within 3-days). At server side we are validating this token using library itself.

    Apart from token we have a static API-Key (generated with some algorithm) and every client is associated with this key - same key can be used by multiple clients.

    What would be the best approach to store/apply token and our custom api keys for authenticate any incoming requests?

    Tuesday, February 9, 2016 9:20 AM

Answers

  • User36583972 posted

    Hi g_arora,  

    There are some ways to store your JWTs in your application. You can refer the following.  

    •HTML5 Web Storage (localStorage/sessionStorage)

    Web Storage (localStorage/sessionStorage) is accessible through JavaScript on the same domain. This means that any JavaScript running on your site will have access to web storage.  

    •Cookies

    You can also set the Secure cookie flag to guarantee the cookie is only sent over HTTPS. This is one of the main reasons that cookies have been leveraged in the past to store tokens or session data.

    More detailed information about Where to Store Your JWTs - Cookies vs HTML5 Web Storage:

    https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage/

    In the below tutorial, describes how to implement a simple authentication using Jwt in Asp.Net Web Api 2.2. You can refer it.

    http://www.codeproject.com/Articles/369657/Simple-Authentication-using-Jwt-in-Asp-Net-Web-Api

    Best Regards,  

    Yohann Lu

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, February 11, 2016 6:30 AM