Click here to Skip to main content
15,445,066 members
Home / Discussions / .NET (Core and Framework)
   

.NET (Core and Framework)

 
GeneralRe: _ViewImports.cshtml question Pin
pkfox23-Aug-22 23:13
professionalpkfox23-Aug-22 23:13 
GeneralRe: _ViewImports.cshtml question Pin
Richard Deeming23-Aug-22 23:29
mveRichard Deeming23-Aug-22 23:29 
GeneralRe: _ViewImports.cshtml question Pin
pkfox23-Aug-22 23:44
professionalpkfox23-Aug-22 23:44 
QuestionProblem with Azure AD JWT - solved Pin
pkfox18-Aug-22 5:56
professionalpkfox18-Aug-22 5:56 
QuestionRest API always return 401 status code Pin
Mou_kol10-Aug-22 0:59
MemberMou_kol10-Aug-22 0:59 
AnswerRe: Rest API always return 401 status code Pin
Gerry Schmitz10-Aug-22 4:05
mveGerry Schmitz10-Aug-22 4:05 
GeneralRe: Rest API always return 401 status code Pin
Mou_kol10-Aug-22 5:08
MemberMou_kol10-Aug-22 5:08 
QuestionASP.NET Core MVC: How to secure token when passing with url Pin
Mou_kol9-Aug-22 4:23
MemberMou_kol9-Aug-22 4:23 
i got a application developed with asp.net core mvc where token is always passed with url. it seems if we pass token with each url then it is not secure way. so any time any other user can get url and appear before server as right user.

our token life is 24 hours.

sample url looks like http://localhost:48000/ACX/Default/Login?token=8kzRLdW8lQVIS0MrtlqdZJbmz9p22l33u1wspGOmLgCgEy2MG5XZ0JG1ovVZGiNX7KpAfBVn3[^]

C#
This code is generating the token which would valid up to 24 hours:

 public IActionResult Login([FromBody]LoginModel user)  
 {  
     if (user == null)  
     {  
         return BadRequest("Invalid request");  
     }  
          
     if (user.UserName == "johncitizen" && user.Password == "abc@123")  
     {  
         var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("KeyForSignInSecret@1234"));  
         var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);  
    
         var tokeOptions = new JwtSecurityToken(  
             issuer: "http://localhost:2000",  
             audience: "http://localhost:2000",  
             claims: new List<Claim>(),  
             expires: DateTime.Now.AddMinutes(1440), // valid till 24 hours
             signingCredentials: signinCredentials  
         );  
    
         var tokenString = new JwtSecurityTokenHandler().WriteToken(tokeOptions);  
         return Ok(new { Token = tokenString });  
     }  
     else  
     {  
         return Unauthorized();  
     }  
 }  


What can we do as a result token would be secure passing through URL? I want to change flow bit in such a way that if another user copy and paste the same URL, then he will not be able to access protected resource. So how to achieve and secure long life token?

Please guide me with approach in details. Thanks
AnswerRe: ASP.NET Core MVC: How to secure token when passing with url Pin
Richard Deeming9-Aug-22 5:12
mveRichard Deeming9-Aug-22 5:12 
GeneralRe: ASP.NET Core MVC: How to secure token when passing with url Pin
Mou_kol10-Aug-22 0:58
MemberMou_kol10-Aug-22 0:58 
QuestionGet this error when returning view Pin
pkfox3-Aug-22 22:41
professionalpkfox3-Aug-22 22:41 
AnswerRe: Get this error when returning view Pin
Richard Deeming3-Aug-22 23:25
mveRichard Deeming3-Aug-22 23:25 
GeneralRe: Get this error when returning view Pin
pkfox3-Aug-22 23:40
professionalpkfox3-Aug-22 23:40 
QuestionWhat's the difference between dotnet publish -c Release vs -c Debug? Pin
DeltaOrionis29-Jul-22 11:47
MemberDeltaOrionis29-Jul-22 11:47 
AnswerRe: What's the difference between dotnet publish -c Release vs -c Debug? Pin
Dave Kreskowiak31-Jul-22 12:53
mveDave Kreskowiak31-Jul-22 12:53 
GeneralRe: What's the difference between dotnet publish -c Release vs -c Debug? Pin
DeltaOrionis1-Aug-22 7:59
MemberDeltaOrionis1-Aug-22 7:59 
GeneralRe: What's the difference between dotnet publish -c Release vs -c Debug? Pin
Dave Kreskowiak1-Aug-22 8:31
mveDave Kreskowiak1-Aug-22 8:31 
GeneralRe: What's the difference between dotnet publish -c Release vs -c Debug? Pin
DeltaOrionis2-Aug-22 14:49
MemberDeltaOrionis2-Aug-22 14:49 
QuestionVb.Net and .Net Core 6 Books Pin
crmfghtr14-Jul-22 13:27
Membercrmfghtr14-Jul-22 13:27 
GeneralRe: Vb.Net and .Net Core 6 Books Pin
Richard MacCutchan14-Jul-22 21:13
mveRichard MacCutchan14-Jul-22 21:13 
AnswerRe: Vb.Net and .Net Core 6 Books Pin
Dave Kreskowiak15-Jul-22 8:11
mveDave Kreskowiak15-Jul-22 8:11 
AnswerRe: Vb.Net and .Net Core 6 Books Pin
Consuelo R. Bills3-Aug-22 23:57
MemberConsuelo R. Bills3-Aug-22 23:57 
QuestionHow to use BETWEEN in ASP.NET CORE EF? Pin
Khaled Mohamed Eissa7-Jul-22 3:07
MemberKhaled Mohamed Eissa7-Jul-22 3:07 
AnswerRe: How to use BETWEEN in ASP.NET CORE EF? Pin
Pete O'Hanlon7-Jul-22 3:29
mvaPete O'Hanlon7-Jul-22 3:29 
AnswerRe: How to use BETWEEN in ASP.NET CORE EF? Pin
jsc428-Jul-22 1:06
professionaljsc428-Jul-22 1:06 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.