I recently built a JWT token using Web API Core. I just need serious clarification; below are the details.
If User A is logged in using browser tab A, the request is processed and a token is generated. If User B is logged in using browser tab B, the request is processed and a token is generated. What will happen if I send User A's token to User B? How do I validate that the token is for this particular logged-in user?
I think you might be misunderstanding the way authentication works generally.
In JWT Auth, 'logged in' simply means that the request you're making contains a valid Bearer token. This means that the user that sends a valid token is always the valid logged-in user and there is no need for any further validation.
If, however, you need further information based on the authenticated user, you can access that information from the HttpContext or the ClaimsPrincipal property in your controller named User.
For example,
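// Raw bearer token as received on this request (null if it was not saved)
string accessToken = await HttpContext.GetTokenAsync("Bearer", "access_token");
// Name claim stored in the token when it was issued; null-safe if the claim is absent
string userName = User.FindFirst(ClaimTypes.Name)?.Value;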
NB: You must explicitly store claims that you'd love to retrieve from the User property.
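Added example, not part of the original answer: a console program using the System.IdentityModel.Tokens.Jwt NuGet package that shows the identity coming from the validated token's claims rather than from whoever sends it, and that a token whose payload was swapped fails signature validation. The key, issuer, audience and user names are constructed for the demo.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class Demo
{
    // Constructed demo key (HS256 needs at least 256 bits); load real keys from configuration.
    static readonly SymmetricSecurityKey Key =
        new(Encoding.UTF8.GetBytes("constructed-demo-key-0123456789-abcdef"));

    static string Issue(string userName)
    {
        var descriptor = new SecurityTokenDescriptor
        {
            // Claims must be stored at issue time to be readable from User later.
            Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userName) }),
            Issuer = "https://issuer.example",   // constructed value
            Audience = "demo-api",               // constructed value
            Expires = DateTime.UtcNow.AddMinutes(15),
            SigningCredentials = new SigningCredentials(Key, SecurityAlgorithms.HmacSha256)
        };
        var handler = new JwtSecurityTokenHandler();
        return handler.WriteToken(handler.CreateToken(descriptor));
    }

    // Checks signature, issuer, audience and lifetime; throws if any check fails.
    static ClaimsPrincipal Validate(string token) =>
        new JwtSecurityTokenHandler().ValidateToken(token, new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true, IssuerSigningKey = Key,
            ValidateIssuer = true, ValidIssuer = "https://issuer.example",
            ValidateAudience = true, ValidAudience = "demo-api",
            ValidateLifetime = true
        }, out _);

    static void Main()
    {
        string tokenA = Issue("userA"), tokenB = Issue("userB");
        // Each token resolves to the user it was issued for, whoever presents it.
        Console.WriteLine(Validate(tokenA).FindFirst(ClaimTypes.Name)?.Value);
        Console.WriteLine(Validate(tokenB).FindFirst(ClaimTypes.Name)?.Value);

        // B's payload combined with A's header and signature is rejected.
        string[] a = tokenA.Split('.'), b = tokenB.Split('.');
        try { Validate($"{a[0]}.{b[1]}.{a[2]}"); }
        catch (SecurityTokenException e) { Console.WriteLine($"rejected: {e.GetType().Name}"); }
    }
}
```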