I am trying to add authentication on the server side on a REST API. It is required that the client will be transmitting the JWT (JSON Web Token) in a header named x-access-token, e.g.:

```
Content-Type: application/json
X-Access-Token: ...<JWT>...
```

Unfortunately, all the examples I found on the internet about .NET Web API talk about Authorization Bearer, like:

```
Content-Type: application/json
Authorization: Bearer ...<JWT>...
```

Does anyone have any example of how I can make a server app to authorize access only with the appropriate x-access-token key?

  • If you read [RFC6750](https://tools.ietf.org/html/rfc6750), it's clear that the best way to send a JWT is inside the **Authorization header** with the **Bearer prefix**. Why are you doing this? – Fadly Dec 16 '18 at 15:50
  • Let's say that it is a kind of assignment. Should I manually check the request's headers and manually parse the 'X-Access-Token' key for the JWT? – Efthymios Kalyviotis Dec 16 '18 at 15:56
  • I have never done this before, but I think you should look at and try this [Example](https://stackoverflow.com/questions/46993274/jwt-in-request-header-is-not-the-same-in-receiving-net-core-api); try replacing **Authorization** with **x-access-token** and removing the **Bearer** string. – Fadly Dec 16 '18 at 16:19
  • Maybe it will change the mechanism for sending JWT tokens. – Fadly Dec 16 '18 at 16:22
  • Good idea. I will try and let you know. I guess that I can always use a manual check for it in all GET, PUT, POST (like `var token=context.Request.Headers["Authorization"].ToString();`...Check claims... blahblah... ). Right? – Efthymios Kalyviotis Dec 16 '18 at 16:53

0 Answers
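One way to accept the token from `X-Access-Token` while keeping the framework's JWT validation, rather than parsing the header by hand in every action. This is an added example, not code from the thread; it assumes ASP.NET Core with the `Microsoft.AspNetCore.Authentication.JwtBearer` package, an HMAC-signed token, and hypothetical configuration keys (`Jwt:Issuer`, `Jwt:Audience`, `Jwt:SigningKey`) and route.

```csharp
// Program.cs (ASP.NET Core minimal hosting)
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
// Assumed configuration keys; load the real values from configuration or a secret store.
var issuer = builder.Configuration["Jwt:Issuer"];
var audience = builder.Configuration["Jwt:Audience"];
var signingKey = builder.Configuration["Jwt:SigningKey"]
    ?? throw new InvalidOperationException("Jwt:SigningKey is not configured");

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Validation stays fully on: signature, issuer, audience and lifetime.
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey)),
            ValidateIssuer = true, ValidIssuer = issuer,
            ValidateAudience = true, ValidAudience = audience,
            ValidateLifetime = true
        };
        options.Events = new JwtBearerEvents
        {
            // Runs before the handler would look at "Authorization: Bearer ...".
            OnMessageReceived = context =>
            {
                var header = context.Request.Headers["X-Access-Token"];
                if (header.Count == 1 && !string.IsNullOrWhiteSpace(header[0]))
                    context.Token = header[0]!.Trim(); // raw JWT, no "Bearer " prefix
                else
                    context.NoResult(); // missing or duplicated header: stay unauthenticated
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
// Hypothetical endpoint: answers 401 unless X-Access-Token carries a valid JWT.
app.MapGet("/api/values", () => Results.Ok(new[] { "value1", "value2" }))
   .RequireAuthorization();
app.Run();
```

Because `NoResult()` ends the handler early, a request that lacks `X-Access-Token` is not authenticated from an `Authorization` header either, so only the required header is honoured.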