
I designed an authorization verification middleware. If the HTTP header has a 'token', it sets the request's sessionid to its value and reads the content of the corresponding session to determine whether it is authorized, but it is not clear how to change the sessionid.

This operation is very well implemented in the Go and PHP languages, but I have only just learned ASP.NET Core, so I hope some friends can help me out. Because cookies are not allowed due to the usage scenario, I still hope that it can be implemented in this simple way.

Thank you very much!

marc_s
桑榆肖物
  • Better to use a JWT. ASP.NET Core integrates with this very well. – Peter Dongan Dec 10 '21 at 16:20
  • If you are building an ASP.NET Core Web API project, then I would agree with @Peter to use JWT – Jeffery Dec 10 '21 at 16:59
  • I started with JWT, but it was not suitable in my usage scenario, so I had to write this middleware myself. By looking up the data, I found that .NET 6 does not seem to support this operation of setting sessionid. – 桑榆肖物 Dec 11 '21 at 03:18
  • Could you please tell us why you plan to set the session id with the token value? In my opinion, a token should be used to represent some validation information, it should be sent with each request, and before accessing each API the token should be validated to check if this request has permission to hit the API. By the way, a token can expire in a short time because you may change the policy, so I really don't know if it is required to be stored as a session id. – Tiny Wang Dec 13 '21 at 03:04
  • In the WeChat applet, each request is stateless. Cookies cannot be sent. At the same time, I need to ensure that the web side can use the service in session mode. The expression 'token' here may not be very appropriate. Its function is only to return the sessionid to subsequent requests after the session stores the user identity once the applet login operation is completed. Because I can't get the session or the information of a session ID, I finally wrote a simple JWT as a token. – 桑榆肖物 Dec 15 '21 at 08:22
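
One way to get the cookie-free, header-keyed server-side state the question describes, shown as an added example that is not code from the post or its comments. It does not change the id of ASP.NET Core's `ISession`; it swaps the session middleware for a direct `IDistributedCache` lookup keyed by a server-issued random token. The `/login` and `/me` routes, the `sess:` key prefix and the `user-123` value are assumptions.

```csharp
using System.Security.Cryptography;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.Extensions.Caching.Distributed;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddDistributedMemoryCache(); // in-memory store; use a shared store when running several instances
var app = builder.Build();

var ttl = new DistributedCacheEntryOptions { SlidingExpiration = TimeSpan.FromMinutes(20) };

// Middleware: resolve the 'token' header to server-side state. No cookie is involved.
app.Use(async (ctx, next) =>
{
    if (ctx.Request.Headers.TryGetValue("token", out var values))
    {
        var token = values.ToString();
        // 32 random bytes encode to exactly 43 base64url characters;
        // anything else was not issued by /login and never reaches the store.
        if (token.Length == 43)
        {
            var cache = ctx.RequestServices.GetRequiredService<IDistributedCache>();
            var user = await cache.GetStringAsync("sess:" + token);
            if (user is not null) ctx.Items["user"] = user;
        }
    }
    await next(ctx);
});

// Assumed login route: the server generates the token, so a client can
// never choose its own session key (this is what prevents session fixation).
app.MapPost("/login", async (IDistributedCache cache) =>
{
    // Credential verification is out of scope here; "user-123" is a placeholder identity.
    var token = WebEncoders.Base64UrlEncode(RandomNumberGenerator.GetBytes(32));
    await cache.SetStringAsync("sess:" + token, "user-123", ttl);
    return Results.Ok(new { token });
});

// Assumed protected route: authorized only if the middleware found server-side state.
app.MapGet("/me", (HttpContext ctx) =>
    ctx.Items.TryGetValue("user", out var user)
        ? Results.Ok(new { user })
        : Results.Unauthorized());

app.Run();
```

Because the token is the only credential on each request, it should travel over TLS only and be deleted from the store on logout.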

0 Answers