Best Practice to Secure a .NET Core Web API

  • Question

  • Hello,

    I have a Web API application built with .NET Core 2.2. My client application is a .NET Core MVC web application. This is an internal application using Windows authentication. I am getting the AD user name from ASP.NET (User.Identity.Name). My API method calls are all done in JavaScript on the client. I am currently encrypting the user name and saving the encrypted value in a hidden field to make it available to pass back to the API. My API methods currently take the encrypted user name as a parameter. I have considered passing the encrypted user name in the AJAX header; however, I'm not sure if this is best practice either. Hoping someone can guide me towards a best practice to secure the API.

    Thanks,

    Bill


    Bill Siegler

    • Moved by CoolDadTx Friday, May 3, 2019 5:59 PM ASP.NET related
    Friday, May 3, 2019 2:43 PM

All replies

  • Hi Bill,

    Consider asking here https://forums.asp.net/1255.aspx/1?ASP+NET+Core


    Please remember to mark the replies as answers if they help and unmark them if they provide no help; this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile, but I will not answer coding questions on either.


    Friday, May 3, 2019 2:51 PM