2

I've been trying to consume an authorized ASP.NET OData Web API by using an OData client. I do know how to set the header with the token for the client, but where should the token be kept for re-use? Because the Authorization header has to be set with each request, not just once. To be more precise, this is what I am down to:

  1. Get user's credentials, pass them back to the API.
  2. Get token.
  3. Set the header for the OData client with the token value.

I am struggling with the actions to be taken between the 2nd and 3rd steps: Where should the token be kept, so you could keep setting the OData client header with it?

This is how I set the authorization header value.

EDIT: In regards to the comment, I might've not clearly specified the issue. The problem arises, because controllers will be created for every request and will be garbage collected "sometime after" the request has completed. So, the token value will be gone.

  • Can't you just store it in a string variable? – GWigWam May 18 '17 at 11:12
  • Do you explicitly need to call the api from the serverside, or would it be also feasible to call it from clientside, e.g. via ajax calls? – earloc May 18 '17 at 17:36
  • @AlexanderClare, Ajax calls won't be used, API will be consumed through the use of OData client only. – MichealOchajo May 18 '17 at 17:44
  • have a look [here](http://stackoverflow.com/questions/31109197/store-jwt-token-in-cookie), they are storing it in a cookie. If you do not want to expose the actual token on the client side, store it somewhere near your e.g. user profile / session, or store the token with a generated id in a lookup-table and save the id to a cookie. – earloc May 18 '17 at 17:51
  • this is [another approach](http://stackoverflow.com/questions/40989858/save-tokens-in-cookie-with-asp-net-core-identity) using ASP.NET Identity and ApplicationCookies – earloc May 18 '17 at 17:52
  • @AlexanderClare, make a proper answer, so I can close the question properly, finally managed to complete this part, thank you :) – MichealOchajo May 18 '17 at 20:15
  • done ;) glad I could've helped out! – earloc May 18 '17 at 20:49

1 Answer

1

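Have a look [here](http://stackoverflow.com/questions/31109197/store-jwt-token-in-cookie), they are storing it in a cookie. If you do not want to expose the actual token on the client side, store it somewhere near your e.g. user profile / session, or store the token with a generated id in a lookup-table and save the id to a cookie.

This is [another approach](http://stackoverflow.com/questions/40989858/save-tokens-in-cookie-with-asp-net-core-identity) using ASP.NET Identity and ApplicationCookies.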

earloc
  • 2,070
  • 12
  • 20
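
The lookup-table variant from the answer above, as an added example that is not part of the original answer or the asker's code: the token stays on the server and the cookie carries only a random id. It assumes classic ASP.NET MVC 5 (`System.Web`), the `Microsoft.OData.Client` library and a `Bearer` scheme; `ApiTokenStore` and the cookie name `api_sid` are hypothetical.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Web;                      // assumption: classic ASP.NET MVC 5
using Microsoft.OData.Client;          // assumption: OData v4 client library

// Hypothetical lookup table: opaque cookie id -> API token, kept on the server.
public static class ApiTokenStore
{
    private const string CookieName = "api_sid";   // hypothetical cookie name
    private static readonly ConcurrentDictionary<string, Tuple<string, DateTime>> Entries =
        new ConcurrentDictionary<string, Tuple<string, DateTime>>();

    // Between steps 2 and 3: call once, after the API has returned the token.
    public static void Save(HttpResponseBase response, string token, TimeSpan lifetime)
    {
        var raw = new byte[32];                     // 256-bit unguessable id
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        var id = BitConverter.ToString(raw).Replace("-", "");
        Entries[id] = Tuple.Create(token, DateTime.UtcNow.Add(lifetime));
        response.Cookies.Add(new HttpCookie(CookieName, id)
        {
            HttpOnly = true,   // not readable from page script
            Secure = true      // only sent over HTTPS
        });
    }

    // Step 3: call in each controller action before using the OData client.
    public static bool Attach(HttpRequestBase request, DataServiceContext odata)
    {
        var id = request.Cookies[CookieName]?.Value;
        Tuple<string, DateTime> entry;
        if (string.IsNullOrEmpty(id) || !Entries.TryGetValue(id, out entry)) return false;
        if (entry.Item2 <= DateTime.UtcNow)         // expired: forget it, force re-login
        {
            Entries.TryRemove(id, out entry);
            return false;
        }
        var token = entry.Item1;
        odata.BuildingRequest += (s, e) => e.Headers["Authorization"] = "Bearer " + token;
        return true;
    }

    // Call on logout so the id in the cookie no longer resolves to a token.
    public static void Remove(HttpRequestBase request)
    {
        Tuple<string, DateTime> ignored;
        var id = request.Cookies[CookieName]?.Value;
        if (!string.IsNullOrEmpty(id)) Entries.TryRemove(id, out ignored);
    }
}
```

The dictionary lives in process memory, so entries are lost on an application restart and are not shared across servers; a session store or database table fills the same role in those cases.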