
How to handle Authentication tokens

I have an API mobile service that handles users' login and verification. If a user is verified, then it produces an authentication token. On my end I have a Web client that receives that token and uses it to call different API controllers. How should I go about keeping a user's logged-in status constant?

Can I store the token in a cookie? Would it be exposed to abuse if I do so? Would a session work better? What is the best way to handle this issue? Sorry for the noob question, but I have never done this type of setup before.

The token can be stored relatively securely on the client as a cookie. Here's an example using Forms Authentication. It can be made even more secure by requiring SSL.

You can also consider using HTML 5 local storage like this: http://www.princesspolymath.com/princess_polymath/?p=396

...which can be more efficient, as you manually use the token when making AJAX calls that require it instead of sending the cookie on every single request.
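As an added example (not code from the question or the answer above), here are the two approaches in JavaScript: a server-side helper that issues the token cookie with hardening attributes, and a client-side helper that attaches a locally stored token only to the AJAX calls that need it. The names `buildAuthCookie`, `authHeadersFor` and the `example.com` origins are assumptions.

```javascript
// Added example, not from the original post. buildAuthCookie, authHeadersFor
// and the example.com origins are assumed names, not a real library's API.

// Option 1: return the API token to the browser as a cookie.
// HttpOnly keeps page scripts from reading it, Secure restricts it to HTTPS
// (the answer's "requiring SSL"), SameSite limits cross-site sending, and
// Max-Age bounds how long a leaked cookie stays usable.
function buildAuthCookie(token, { secure = true, maxAgeSeconds = 3600 } = {}) {
  // Reject anything that could smuggle extra attributes into the header.
  if (!/^[A-Za-z0-9._~+/=-]+$/.test(token)) {
    throw new Error("token contains characters not allowed in a cookie value");
  }
  const parts = [
    `auth_token=${token}`,
    "HttpOnly",
    "SameSite=Lax",
    "Path=/",
    `Max-Age=${maxAgeSeconds}`,
  ];
  if (secure) parts.push("Secure");
  return parts.join("; ");
}

// Option 2: token kept in HTML5 local storage and attached by hand only to
// the AJAX calls that require it, instead of riding along on every request.
// Comparing origins (scheme + host + port) means the token never goes to a
// third-party host or to a plain-http lookalike of the API.
function authHeadersFor(url, token, apiOrigin) {
  const target = new URL(url);
  const api = new URL(apiOrigin);
  const headers = { Accept: "application/json" };
  if (target.origin === api.origin) {
    headers.Authorization = `Bearer ${token}`;
  }
  return headers;
}

// Constructed sample values for a stand-alone run.
const SAMPLE_TOKEN = "eyJhbGciOi.sample.token";
const API_ORIGIN = "https://api.example.com";
console.log(buildAuthCookie(SAMPLE_TOKEN));
console.log(authHeadersFor("https://api.example.com/orders", SAMPLE_TOKEN, API_ORIGIN));
console.log(authHeadersFor("https://cdn.example.net/img.png", SAMPLE_TOKEN, API_ORIGIN));
```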
