Token based authentication in MVC

Question

3.00/5 (1 vote)

See more:

I want to implement token based authentication in an application. I want ask, where can I save token on server, so that each request can been matched by valid token. I also want to know how can I implement token validation so that each request to server can be checked first and then server perform required action.

Thanks in advance.

What I have tried:

When User log in the application, a token is generated and send to client. Client then include the token in header of each request.

Posted 10-Sep-16 5:56am

iamalik

Updated 10-Sep-16 23:49pm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

NaibedyaKar · Answer 1 · 2016-09-10T23:49:00

Basically you need to create the tokens on the server and you can save those inside database, by mapping with the userid. Each token should have a lifetime and that also should be kept inside the table.

The token should be given to the client perhaps after authentication. At the client end, you can keep this tokens inside the session storage or local storage. You can use cookies as well, but I will suggest you to use session storage so that it can work on any devices.

While sending any request to the server, you have to include the token inside header and match the token and the life time at the server. You can have the logic to increase the token life time or keep it fixed as per your need..

You can you use OWin authentication for this.
Check this post as well Token Based Authentication using ASP.NET Web API 2, Owin, and Identity - Bit of Technology[^]