Last post Feb 05, 2019 03:15 AM by Nan Yu
Feb 04, 2019 09:59 PM|zpat978|LINK
Feb 04, 2019 11:12 PM|bruce (sqlwork.com)|LINK
generally you use a different authentication scheme and account between the front end and the backend. the frontend should be a service account with access to the webapi service. it should do its own login to the webapi (basic or certificate makes sense
here). the user account is passed as a parameter or header (x-forward) along with the request.
note: normally your network people will require this.
Feb 05, 2019 03:15 AM|Nan Yu|LINK
You can also refer to below article :
ASP.NET Core 2.2 - JWT Authentication Tutorial with Example API
You can implement Refresh Token to avoid asking the user for credentials again after token expires :