0

I'm building a web application with an ASP.NET Web API backend and a Vue.js frontend. I've implemented JWT authentication and am storing the access token in an HTTPOnly cookie for security reasons. However, I'm facing a challenge in checking users auth status on the frontend.

Since the token is HTTPOnly, it's inaccessible from JavaScript, including Vue.js. This means I can't directly check if a user is authenticated on the frontend.

My question is how can I effectively check users auth status on the Vue.js frontend while maintaining the security of the HTTPOnly JWT token? Are there any recommended strategies or patterns to achieve this?

Improve this question
2
  • You can have a dedicated endpoint for checking auth status. If user info fetching is lightweight or you use OPTIONS method, you can use it, for instance. You can ping it occasionally but there may be no need for that. As long as a user successfully logged in, consider them logged in. When you receive 401/403 from another api call, you need to make another request to that endpoint to make sure it's authentication and not authorization problem, then change client side status to guest. Or skip the extra req if there's clear distinction between 401 and 403 in your api Commented Nov 12, 2024 at 13:11
  • The question is too broad for SO, try softwareengineering.stackexchange.com if you still have unsolved questions Commented Nov 12, 2024 at 13:16

1 Answer 1

Reset to default
0

you can create a authorized endpoint in web api like GetAuthStatus and validate it on client side on route change. it recommended to keep the token in HttpOnly cookie.

Something like this

[Authorize]
[HttpGet]
public IActionResult GetAuthStatus()
{
     return Ok(new { isAuthenticated = true, userName = User.Identity.Name 
     });
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.