stackoom
  简体   繁体   中英

How to store JWT Token in authorization header in Aspnet Core

 原文  2020-10-27 05:14:05       c#/ asp.net-core/ jwt/ openid-connect

Question

I have an "Auth Service" application in .Net Core which authenticates via a Challenge Request and then redirects back to the client application with a token.

    [AllowAnonymous]
    [HttpGet("Login")]
    public IActionResult Login()
    {
        return Challenge(new AuthenticationProperties
        {
            RedirectUri = returnUrlQs
        }, OpenIdConnectDefaults.AuthenticationScheme);
    }

Currently I transmit the token through a HTTP cookie using the options.Events.OnAuthorizationCodeReceived OpenId Connect event. However the 4kb cookie length is too small and so I want to try move it to the authorization header.

I've tried setting the Response header but it's not received on the other side; on the client app.

Is this possible to achieve?

Thanks for any help!

3 answers

solution1
 4  2020-10-27 06:38:40

Setting request headers is the client's job, not the API's. So your back-end can't set those. You'll need to return the token so that code on your front-end can get it and then assign it as a request header on future requests.

Another option here might be to do the OpenID Connect authentication from your front-end application (depending on what your identity provider supports). This way it would get tokens and have the ability to refresh them, and your API could focus on just validating tokens in requests.

solution2
 0  2020-10-27 07:36:49

Put your token inside the body of response and include [Authorize] attribute. eg:

//in your api
[Authorize]
[HttpPost("update")]
private IActionResult update([FromBody] Model model){
//do some actions here
}

and in your client side, you store your token via session or any temporary storage then retrieve it if necessary and put it in your header. do something like this:

  //in your client
  $.ajax({
  type: "POST",
  url: "/update",
  data: {someParameter: "some value"},
  contentType: "application/json; charset=utf-8",
  Authorization : "Bearer " + yourToken,
  dataType: "json",
  success: function(msg) {
    //some code
  }
});

i did not test this code but only to give you some idea.

solution3
 0  2020-10-27 08:17:29

如果您对 4Kb 的限制有疑问,那么您应该节食我们的令牌并通过删除不必要的声明来减小其大小。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to validate JWT Token in aspnet.core web api? aspnet core jwt token as get param AspNet WebApi core JWT token not Authenticating How to handle JWT in ASPNET Core MVC JWT bearer token Authorization not working asp net core web api AspNet.Core, IdentityServer 4: Unauthorized (401) during websocket handshake with SignalR 1.0 using JWT bearer token After store JWT token in cookie how to break that cookie and get information in ASP.NET Core 3.1 .NET Core API - does the middleware set the JWT bearer token in the header? How to use JWT token to authorize user from react to asp net core web api. When to use autorization header bearer token? C# Authorization JWT token
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM