Click here to Skip to main content
15,921,452 members
Please Sign up or sign in to vote.
3.00/5 (1 vote)
See more:
I want to implement token based authentication in an application. I want ask, where can I save token on server, so that each request can been matched by valid token. I also want to know how can I implement token validation so that each request to server can be checked first and then server perform required action.

Thanks in advance.

What I have tried:

When User log in the application, a token is generated and send to client. Client then include the token in header of each request.
Updated 10-Sep-16 23:49pm

1 solution

Basically you need to create the tokens on the server and you can save those inside database, by mapping with the userid. Each token should have a lifetime and that also should be kept inside the table.

The token should be given to the client perhaps after authentication. At the client end, you can keep this tokens inside the session storage or local storage. You can use cookies as well, but I will suggest you to use session storage so that it can work on any devices.

While sending any request to the server, you have to include the token inside header and match the token and the life time at the server. You can have the logic to increase the token life time or keep it fixed as per your need..

You can you use OWin authentication for this.
Check this post as well Token Based Authentication using ASP.NET Web API 2, Owin, and Identity - Bit of Technology[^]
Share this answer
iamalik 11-Sep-16 6:28am    
Thanks NaibedyaKar for your response. Is it a good practice to save token in database on server side? As token will be checked for every request, so this will overload database, isn't?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900