Best Practice to Secure a .NET Core Web API

  • Question

  • Hello,

    I have a Web API application built with .NET Core 2.2. My client application is a .NET Core MVC web application. This is an internal application using Windows authentication. I am getting the AD user name from ASP.NET (User.Identity.Name). My API method calls are all done in JavaScript on the client. I am currently encrypting the user name and saving the encrypted value in a hidden field to make it available to pass back to the API. My API methods currently take the encrypted user name as a parameter. I have considered passing the encrypted user name in the AJAX header; however, I'm not sure if this is best practice either. Hoping someone can guide me towards a best practice to secure the API.



    Bill Siegler

    • Moved by CoolDadTx Friday, May 3, 2019 5:59 PM ASP.NET related
    Friday, May 3, 2019 2:43 PM

All replies