Last post Feb 11, 2016 06:30 AM by Yohann Lu
Feb 09, 2016 09:20 AM|g_arora|LINK
We have created ASP.Net Web API2 using Windows Identity library for Jason Web Token. Please note that we did not create OAuth2 (no middle-ware server for authentications).
There are different clients (altogether different platform and devices) who are going to consume these services. On every subsequent request they have to pass JWT within header of requests.
We have two types of token one is short duration token (expires in an hour) and other one is long duration (expires within 3-days). At server side we are validating this token using library itself.
Apart from token we have a static API-Key (generated with some algorithm) and every client is associated with this key - same key can be used by multiple clients.
What would be the best approach to store/apply token and our custom api keys for authenticate any incoming requests?
Feb 11, 2016 06:30 AM|Yohann Lu|LINK
There are some ways to store your JWTs in your application. You can refer the following.
•HTML5 Web Storage (localStorage/sessionStorage)
You can also set the Secure cookie flag to guarantee the cookie is only sent over HTTPS. This is one of the main reasons that cookies have been leveraged in the past to store tokens or session data.
More detailed information about Where to Store Your JWTs - Cookies vs HTML5 Web Storage:
In the below tutorial, describes how to implement a simple authentication using Jwt in Asp.Net Web Api 2.2. You can refer it.