1

I have a question about Bearer Token on asp.net WebApi. I've been creating WebApi's but just to be consumed by some client(Android,iOS), but now I need to create a Login page in this same project and I don't know how to handle this, since once using a client app, i just make a request to api/token and get the access token, but how to get this from a Web Page? Do I need to use some back-end like NodeJs or AngularJS ?

This is the endpoint :

app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions()
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider(),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(300),
            AllowInsecureHttp = true
        });
Improve this question
9
  • Just make a http request to the same endpoint api/token and the bearer token should be returned in the headers or body depending on how you return it? Commented Jul 20, 2017 at 10:58
  • But the problem is, if I need to create more pages to pass the token through the header ? I nee to storage this somewhere on browser! it would be more easier to do this with nodeJs ? Commented Jul 20, 2017 at 11:04
  • Not sure why you would use node?Just hold the bearer token client side in a session variable or similar, then you can use it whenever you make a request to your API. Out of interest, what are you using on the client side? JQuery? Angular? Knockout? Commented Jul 20, 2017 at 11:05
  • I'm using nothing yet. That's why I was asking how to save this token, if I should use NodeJs to request and get the token or by HttpClient from C#. I'm new with web-side thing. So with Angular should solve my problem ? Commented Jul 20, 2017 at 11:18
  • 1
    Essentially, whatever you use on the client side to get the token (I use Angular and React as they have in built functionality for making http requests), you then need to get the response and store the token in the client. Take a read of this stormpath.com/blog/…. It should give you a bit of insight into client side storage. Again I tend to use cookies as it's built in with a lot of the .net MVC stuff, but you could use session storage also Commented Jul 20, 2017 at 11:27

1 Answer 1

Reset to default
1

Essentially, whatever you use on the client side to get the token (I use Angular and React as they have in built functionality for making http requests), you then need to get the response and store the token in the client. Take a read of this https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage. It should give you a bit of insight into client side storage. Again I tend to use cookies as it's built in with a lot of the .net MVC stuff, but you could use session storage also

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.