ScarletMerlin

Reputation: 475

How to handle Authentication tokens

I have an API mobile service that handles users' login and verification. If a user is verified then it produces an authentication token. On my end I have a Web client that receives that token and uses it to call different API controllers. How should I go about keeping a user's logged-in status constant?

Can I store the token in a cookie? Would it be exposed to abuse if I do so? Would a session work better? What is the best way to handle this issue? Sorry for the noob question, but I have never done this type of setup before.

Upvotes: 0

Views: 119

Answers (1)

Colin

Reputation: 4135

The token can be stored relatively securely on the client as a cookie. Here's an example using Forms Authentication. It can be made even more secure by requiring SSL.

You can also consider using HTML 5 local storage like this: http://www.princesspolymath.com/princess_polymath/?p=396

...which can be more efficient, as you manually use the token when making AJAX calls that require it instead of sending the cookie on every single request.

Upvotes: 1
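The two storage choices in the answer differ in who attaches the token to a request, and that is what decides the risk. The example below is added here and is not code from the question, the answer, or any project it mentions; the cookie name `auth_token`, the token value and the request shapes are constructed for illustration. It shows the cookie route with the flags that make it "relatively secure" (HttpOnly so page scripts cannot read it, Secure so it only travels over TLS, SameSite so most cross-site requests do not carry it), the local-storage route where the script adds a bearer header by hand, and a server-side check that accepts either and records which one was used, because a token the browser attached automatically (cookie) still needs a CSRF check while a header the script set does not.

```python
"""Keeping an API token across requests: HttpOnly/Secure cookie vs.
a bearer header attached manually (the local-storage approach).
Added example; cookie name, token and request shapes are constructed."""
from http.cookies import SimpleCookie
from typing import Optional

COOKIE_NAME = "auth_token"  # assumed name for the illustration


def build_auth_cookie(token: str, max_age_seconds: int = 3600,
                      secure: bool = True) -> str:
    """Set-Cookie header value for storing the token on the client.

    HttpOnly: page scripts cannot read it, which limits what an XSS bug
    can steal. Secure: only sent over TLS (the "requiring SSL" point).
    SameSite=Lax: the browser omits it on most cross-site requests.
    """
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    morsel = jar[COOKIE_NAME]
    morsel["httponly"] = True
    morsel["secure"] = secure
    morsel["samesite"] = "Lax"
    morsel["max-age"] = max_age_seconds
    morsel["path"] = "/"
    return morsel.OutputString()


def token_from_cookie_header(cookie_header: str) -> Optional[str]:
    """Server side: recover the token from an incoming Cookie header."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else None


def bearer_request(path: str, token: Optional[str]) -> dict:
    """Shape of an AJAX call in the local-storage approach: the token is
    only sent if the script deliberately adds the Authorization header."""
    headers = {}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    return {"path": path, "headers": headers}


def token_from_authorization(headers: dict) -> Optional[str]:
    """Server side: recover a bearer token from the Authorization header."""
    scheme, _, credentials = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not credentials:
        return None
    return credentials


def authenticate(headers: dict, valid_tokens: set) -> dict:
    """Check an API controller call that may carry the token either way.

    A header is preferred because the script set it on purpose. A cookie
    is attached by the browser on its own, so a request authenticated via
    the cookie must additionally pass a CSRF check before doing anything
    that changes state.
    """
    token = token_from_authorization(headers)
    source = "header"
    if token is None:
        token = token_from_cookie_header(headers.get("Cookie", ""))
        source = "cookie"
    if token is None or token not in valid_tokens:
        return {"authenticated": False, "source": None,
                "csrf_check_required": False}
    return {"authenticated": True, "source": source,
            "csrf_check_required": source == "cookie"}


if __name__ == "__main__":
    # Constructed walk-through: issue the cookie, then serve two requests.
    print(build_auth_cookie("abc123", max_age_seconds=600))
    valid = {"abc123"}  # constructed stand-in for the token store
    print(authenticate({"Cookie": "auth_token=abc123"}, valid))
    print(authenticate(bearer_request("/api/profile", "abc123")["headers"], valid))
```

Whichever storage you pick, the web client should also bound the token's lifetime (the `Max-Age` here, or the expiry the mobile API puts in the token) so that a copied token stops working on its own, and the `secure=False` path exists only so the flag's effect is visible; production traffic should keep the default.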
