Hello,
I have a Web API application built with .NET Core 2.2. My client application is a .NET Core MVC web application. This is an internal application using Windows authentication. I am getting the AD user name from ASP.NET (User.Identity.Name). My API method calls are all done in JavaScript on the client. I am currently encrypting the user name and saving the encrypted value in a hidden field to make it available to pass back to the API. My API methods currently take the encrypted user name as a parameter. I have considered passing the encrypted user name in the AJAX header; however, I'm not sure if this is best practice either. Hoping someone can guide me towards a best practice to secure the API.
Thanks,
Bill
Bill Siegler