We have a WebAPI that we are looking to use IdentityServer. This is fine for users who are registered and we can allow various actions like adding to shopping cart and other user tracking as we already have the user id since they are logged in.
We want to allow anonymous users to add things to cart and other actions. We have been looking at some way of doing this and I was wondering if anyone can suggest which one of the following may work well.
Track user with some generic ID and keep passing that to WebAPI until user is logged in and then start using tokens?
Create a new endpoint for IdentityServer which gives an anonymous token and use that until user is logged in
We are leaning towards 2 but still pondering.
I am wondering if there are any other alternatives to above.
Appreciate any advice.
If this fixed your issue then please 'Mark as Answer'
Thats the simplest solution yes. However I see the following issues.
Any type of tracking like this will mean always sending additional params to server along with any tokens.
So my request would look like {"unique_cardid","xxxxx", other stuff} and then when I do have a token I would no longer need that that and put all data using Id from the auth token.
This also means I have to keep performing additional checks to check to see if to get the cart from that unique token (when not logged in) or to get from User id when logged in.
Cart is just an example in reality mean things would be tracks for anonymous user so that might mean creating many of these unique id's
If this fixed your issue then please 'Mark as Answer'
@PatriceSc you are right I was leaning towards that logic it just means as mentioned before that now you have ot manage multiple headers and see which one you need i.e loggedin/anonymous. I was hoping that some how there would be a token for anonymous which
means one header and just swap it for for a new one on login. This would support native apps also.
If this fixed your issue then please 'Mark as Answer'
Participant
883 Points
294 Posts
Tracking of anonymous users in WebAPI
Oct 29, 2020 03:23 PM|ammd|LINK
We have a WebAPI that we are looking to use IdentityServer. This is fine for users who are registered and we can allow various actions like adding to shopping cart and other user tracking as we already have the user id since they are logged in.
We want to allow anonymous users to add things to cart and other actions. We have been looking at some way of doing this and I was wondering if anyone can suggest which one of the following may work well.
I am wondering if there are any other alternatives to above.
Appreciate any advice.
All-Star
52291 Points
23327 Posts
Re: Tracking of anonymous users in WebAPI
Oct 29, 2020 04:07 PM|mgebhard|LINK
Generate a unique Id when a cart is created. Store the ID in a cookie and use the same ID to identify the shopping cart.
Participant
883 Points
294 Posts
Re: Tracking of anonymous users in WebAPI
Oct 29, 2020 04:41 PM|ammd|LINK
Thats the simplest solution yes. However I see the following issues.
Any type of tracking like this will mean always sending additional params to server along with any tokens.
So my request would look like {"unique_cardid","xxxxx", other stuff} and then when I do have a token I would no longer need that that and put all data using Id from the auth token.
This also means I have to keep performing additional checks to check to see if to get the cart from that unique token (when not logged in) or to get from User id when logged in.
Cart is just an example in reality mean things would be tracks for anonymous user so that might mean creating many of these unique id's
All-Star
48340 Points
18017 Posts
Re: Tracking of anonymous users in WebAPI
Oct 29, 2020 05:13 PM|PatriceSc|LINK
Hi,
Outdated, but it reminds me https://docs.microsoft.com/en-us/previous-versions/aspnet/ewfkf772(v=vs.100) that worked pretty much as you told. (using https://docs.microsoft.com/en-us/dotnet/api/system.web.security.anonymousidentificationmodule?view=netframework-4.8 behind the hood).
You are using ASP.NET 4.x or ASP.NET Core? I see for example https://stefanolsen.com/posts/an-owin-middleware-to-support-anonymous-profiles-and-carts/ or https://github.com/aleripe/AnonymousId
Participant
883 Points
294 Posts
Re: Tracking of anonymous users in WebAPI
Oct 30, 2020 03:03 PM|ammd|LINK
@PatriceSc you are right I was leaning towards that logic it just means as mentioned before that now you have ot manage multiple headers and see which one you need i.e loggedin/anonymous. I was hoping that some how there would be a token for anonymous which means one header and just swap it for for a new one on login. This would support native apps also.