MVC4 using JWT tokens
-
I have a Security API which creates a JWT token and works well with SPA front ends that we create with no issue. Now I have been asked can I get this working with a MVC app that was built in MVC4 and Dot Net 4.5.1 does anyone have any links to tutorials or examples that I can see if it is possible? Thanks Simon
Every day, thousands of innocent plants are killed by vegetarians. Help end the violence EAT BACON
-
I have a Security API which creates a JWT token and works well with SPA front ends that we create with no issue. Now I have been asked can I get this working with a MVC app that was built in MVC4 and Dot Net 4.5.1 does anyone have any links to tutorials or examples that I can see if it is possible? Thanks Simon
Every day, thousands of innocent plants are killed by vegetarians. Help end the violence EAT BACON
Sounds like you need to investigate each issue one at a time and test it. Like how to write the JWT token to local storage, or the view bag or something. Then how to get the controller to expect the JWT token [Authorize] And how to send the token to the controller in the HTTP header. Do some reverse engineering. I looked around on the interwebs and just basically saw nothing of value. Just a bunch of forum post saying look at this by people who have never worked with JWT. most talk were for core. Sounds like a big job to me just to investigate it.
If it ain't broke don't fix it Discover my world at jkirkerx.com
-
Sounds like you need to investigate each issue one at a time and test it. Like how to write the JWT token to local storage, or the view bag or something. Then how to get the controller to expect the JWT token [Authorize] And how to send the token to the controller in the HTTP header. Do some reverse engineering. I looked around on the interwebs and just basically saw nothing of value. Just a bunch of forum post saying look at this by people who have never worked with JWT. most talk were for core. Sounds like a big job to me just to investigate it.
If it ain't broke don't fix it Discover my world at jkirkerx.com
you are right and that is why I posted here to see if someone has done it. I have a legacy system that is written in dot net 4 and MVC4 were currently trying to strangle it as it is used by the whole company. With the new stuff we are using JWT and have a single sign on API which works and works well. BUT the MD wants to me see if it is possible
Every day, thousands of innocent plants are killed by vegetarians. Help end the violence EAT BACON
-
you are right and that is why I posted here to see if someone has done it. I have a legacy system that is written in dot net 4 and MVC4 were currently trying to strangle it as it is used by the whole company. With the new stuff we are using JWT and have a single sign on API which works and works well. BUT the MD wants to me see if it is possible
Every day, thousands of innocent plants are killed by vegetarians. Help end the violence EAT BACON
I think it's possible to do personally, although I haven't done it nor put any day long research into it. Or perhaps at least just start with a piece of JWT, such as picking up the token from the other modern project to background validate in the old MVC4 system so you don't have to sign in again, and then the old system just runs as normal. That is very plausible to do. It's even plausible to me at least, to modify the old system so when you sign in, it writes a JWT token to local storage as well so you don't don't have to sign in to the new system. JWT tokens stored in local storage have to use the client to read and write them, and I did see some source code concepts to get a view page to store the token in a hidden textbox, and then use Vanilla JavaScript to read that textbox and write it to Local storage. Or the other way around, use Vanilla JavaScript to read that token in Local Storage and write it to a hidden textbox. Then when the view page post back, the token will post as well and can be retrieved. I pretty sure I can write a hack of
AttributeUsageAttributeand call it[Authorize]that I can decorate the controllerActionResultwith that will validate a token. Basically a hack of System.Identity but in a smaller package. Store the token in a cookie and can read and write it. On SPA apps, well Angular at least, you don't have to store the token in Local Storage, but it can be stored in a cookie as well. But the cookie has to be a real single value cookie, and not the asp.net cookie that can store an array of values.If it ain't broke don't fix it Discover my world at jkirkerx.com
-
you are right and that is why I posted here to see if someone has done it. I have a legacy system that is written in dot net 4 and MVC4 were currently trying to strangle it as it is used by the whole company. With the new stuff we are using JWT and have a single sign on API which works and works well. BUT the MD wants to me see if it is possible
Every day, thousands of innocent plants are killed by vegetarians. Help end the violence EAT BACON