✅ How does the server fetch information from the correct user?
Title says it all.
I have an ASP.NET server and have implemented all the API endpoints and all that. Up to this point I have just given the users their ID in the DB, and they are required to give that ID back to get the information they want. But now I'm thinking this is not a very secure way of doing it.
I have set up authorization, and whenever a user wants to fetch user-specific info, I check the given token against the token that is stored in the user info. If it matches, then I'd return the requested stuff.
Is there a more elegant/secure way of handling this?
4 Replies
The basic, built-in Identity auth in ASP uses a cookie
The cookie contains a session ID, then on the server that session ID is associated with the user ID
In more of a pure API situation, you would either rely on JWTs or some API keys
Certainly not on passing the user ID as a parameter lol
Yeah, but the server is not meant to interact with a web client, but instead a MAUI app. So in that case I would just cache the cookie somewhere?
JWT would be the most common solution here
Or, yeah, save the cookie and include it with every request
Or use an API key that the user can get after logging in on the website
More than one way to skin a cat
Ah, alright, makes sense. Thanks a lot for your help!!!
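
The JWT approach suggested in the replies, as an added example that is not part of the original thread: an ASP.NET Core minimal API that takes the user ID from the validated token's claims instead of from a request parameter. It assumes the `Microsoft.AspNetCore.Authentication.JwtBearer` package and a token carrying the user ID in its `sub` claim; the `/me/profile` route, the `Jwt:*` configuration keys, the `Profile` record and the in-memory store are hypothetical.

```csharp
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Signing key is read from configuration (user secrets, environment), not hard-coded.
// "Jwt:Key", "Jwt:Issuer" and "Jwt:Audience" are assumed configuration keys.
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]!));

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = builder.Configuration["Jwt:Issuer"],
        ValidateAudience = true,
        ValidAudience = builder.Configuration["Jwt:Audience"],
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = key,
        ValidateLifetime = true
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Constructed sample data standing in for the database.
var profiles = new Dictionary<string, Profile>
{
    ["42"] = new("42", "alice@example.com"),
    ["43"] = new("43", "bob@example.com"),
};

// No user ID in the route, query string or body: the caller can only ever
// reach the record that belongs to the identity inside the verified token.
app.MapGet("/me/profile", (ClaimsPrincipal user) =>
{
    // With the default claim mapping, the JWT "sub" claim surfaces as NameIdentifier.
    var userId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (userId is null) return Results.Unauthorized();
    return profiles.TryGetValue(userId, out var p) ? Results.Ok(p) : Results.NotFound();
}).RequireAuthorization();

app.Run();

record Profile(string Id, string Email);
```

The MAUI client sends the token in the `Authorization: Bearer` header on every request; endpoints that do accept a resource ID still need to check that the resource belongs to the ID taken from the token.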