Home Can I secure an MVC Core web application with JWTs only?
Reply: 0

Can I secure an MVC Core web application with JWTs only?

user1267 Published in July 22, 2018, 10:28 am

I have a Core Web API protected by JWTs, and this service is consumed, via HttpClient, by a WPF application. This all works nicely because once I have a token I pass it in a header with each request.

Now I need to build an MVC Core web application that uses some of the functionality of the API. To avoid CORS issues, I would like to import the API controllers into the web application. However, I don't want to mix cookie and JWT auth.

Normally in the WPF application, for login, I make a request to my API's Token controller, get the token and use it to authorize subsequent requests. Now I can build a login page in the main MVC application that calls into my Token controller with HttpClient and gets a JWT, but then how do I use that token to authorize all other actions in the main MVC app. It also seems very clumsy to have to use HttpClient to pass the JWT header for internal calls.

Is there a way I can secure my MVC application from the start with JWTs without having to use HttpClient. That is, once I have my token, and all actions are secured by tokens, how do I store and pass that token for all other requests to the main MVC app?

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.312635 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO