Where to store OAUTH2 access token in mvc5 web app

2019-07-24 11:24发布

I have an API (.net web api 2) that is to be consumed by a (external) mvc5 application. The API implements a simple authorization server for issuing tokens to consumers (The implementation follows the example given by thinktecture identitymodel samples).

The API is to be consumed by (among others) users of a GUI (mvc5 application) which have to log in to gain access to the application. When logging in, a http request is issued by the application to the API which in the case of correct credentials returns the access token. Where should I save this token (so that the user does not have to log in again when changing page), should I store it in a cookie or a session or perhaps as a claim to forms authentication?

0条回答
登录 后发表回答