ASP.NET
Sneiksus, 2020-07-07 19:05:41

What is the correct authorization algorithm on tokens?

In general, I have a backend on ASP.NET Core Web API, and there is a client (a normal HTML page). I did authorization on JWT tokens. Everything works fine and the token arrives. The question is, what to do next? A controller that checks the authenticity of the token and must do something. But what exactly? Must it return the HTML file of the page the user wants to go to? Or make a redirect? How then to deny access to that page to unauthorized users? The front and back are in different folders, not MVC. How then should it all be organized correctly?


2 answer(s)
fan92rus, 2020-07-07
@Sneiksus

Store access rights in the user model, mark the necessary controllers with suitable rights and manage access to them (for example, if there are no rights, redirect to 403).
/en/post/322566/
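One way to apply the approach from the answer above on the API side, as an added example that is not part of the thread. It assumes ASP.NET Core 6+ (default web template with implicit usings) and the Microsoft.AspNetCore.Authentication.JwtBearer package; the issuer, audience, `Jwt:Key` setting, route and role name are placeholders, and the HTML client is assumed to send the token in the `Authorization: Bearer` header.

```csharp
// Added example, not code from the thread. Issuer, audience, config key,
// route and role names below are placeholders chosen for illustration.
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// The signing key is read from configuration (user secrets or environment),
// never hard-coded in source.
var key = Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]
    ?? throw new InvalidOperationException("Jwt:Key is not configured"));

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = "https://api.example.test",
        ValidateAudience = true,
        ValidAudience = "html-client",
        ValidateLifetime = true,              // expired tokens are rejected
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(key)
    });
builder.Services.AddAuthorization();
builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication();   // validates the bearer token on every request
app.UseAuthorization();    // enforces the [Authorize] attributes below
app.MapControllers();
app.Run();

[ApiController]
[Route("api/reports")]
[Authorize]                               // missing or invalid token -> 401
public class ReportsController : ControllerBase
{
    [HttpGet]
    public IActionResult List() => Ok(new[] { "q1", "q2" });

    [HttpDelete("{id:int}")]
    [Authorize(Roles = "Admin")]          // valid token without the role -> 403
    public IActionResult Delete(int id) => NoContent();
}
```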

Alexander, 2020-07-07
@NeiroNx

It should return a session ID, the same as that returned by a normal login. That is, you check the token with the token database and open a session for it. The identifier can be returned both in JSON and in a cookie; it's better to do it both ways. Then, on subsequent requests within the session, the session identifier is used.
