Sign in

Microsoft.com

Microsoft

Remove From My Forums

Best Practice to Secure a .NET Core Web API

Question
0

Sign in to vote
Hello,

I have a Web API application built with .NET Core 2.2. My client application is a .NET Core MVC web application. This is an internal application using Windows authentication. I am getting AD user name from ASP .NET (User.Identity.Name). My API method calls are all done in JavaScript on the client. I am currently encrypting the user name and saving the encrypted value in a hidden field to make it available to pass back to the API. My API methods currently take the encrypted user name as a parameter. I have considered passing the encrypted user name in the AJAX header, however I'm not sure if this is best practice either. Hoping someone can guide me towards a best practice to secure the API.

Thanks,

Bill

Bill Siegler
- Moved by CoolDadTx Friday, May 3, 2019 5:59 PM ASP.NET related
Friday, May 3, 2019 2:43 PM

Reply

|

Quote

All replies

0

Sign in to vote

Hi Bill,

Consider asking here https://forums.asp.net/1255.aspx/1?ASP+NET+Core
Please remember to mark the replies as answers if they help and unmarked them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
NuGet BaseConnectionLibrary for database connections.

StackOverFlow

Friday, May 3, 2019 2:51 PM

Reply

|

Quote