0 Votes

RonaldRex-2335 asked

JWT Storage

Hi Friends,

I was wondering what is the best practice for storing a JWT on the client? Also where is this JWT stored on the server for each account? Thanks !!!

dotnet-aspnet-general

0 Votes
YijingSun-MSFT answered

Hi @RonaldRex-2335 ,

You need to do it like this: set up the .NET 5.0 Web API project.

  1. Configure JWT Authentication

  2. Generate JWT Token.

  3. Validate JWT Token using Custom Middleware and Custom Authorize Attribute.

  4. Testing the Endpoint (API) with Swagger.

A JWT needs to be stored in a safe place inside the user's browser. Anyway, you shouldn't store a JWT in local storage (or session storage). If you store it in LocalStorage/SessionStorage, it can be easily grabbed by an XSS attack.

If the answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Best regards,
Yijing Sun



0 Votes
Bruce-SqlWork answered

It depends on the security requirements and on whether refresh tokens are supported. The most secure option is to store it in memory.

The server does not need to store the token. It’s sent on each request, and the payload is clear text. The server just needs to verify the signature is valid.
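To make the stateless-verification point concrete (and the "validate JWT token" step in the answer above), here is an added example that is not from either answer: a minimal HS256 JWT issue/verify pair written with only the Python standard library. The secret, claims and `tamper` helper are constructed for the demo; the ASP.NET JwtBearer middleware performs the same recompute-and-compare check, keeping no copy of the token.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret; a real server loads this from configuration, never from source.
SECRET = b"demo-signing-key-not-for-production"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    # JWTs strip base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build an HS256 JWT: base64url(header).base64url(payload).base64url(HMAC)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def read_payload_without_key(token: str) -> dict:
    """The payload is only base64url-encoded: anyone holding the token can read it."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_token(token: str, secret: bytes = SECRET, now: Optional[float] = None) -> Optional[dict]:
    """Stateless check: recompute the HMAC over header.payload and compare in constant time.
    Returns the claims on success, None if the token is malformed, forged or expired."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm we issue; never trust the token's alg
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # covers bad base64, bad JSON and a wrong number of segments
        return None
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return None
    return claims

def tamper(token: str, new_claims: dict) -> str:
    """Replace the payload but keep the old signature (what someone without the key can do)."""
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{b64url_encode(json.dumps(new_claims).encode())}.{sig_b64}"
```

Note that `read_payload_without_key` succeeds on any token, which is why secrets must never be placed in the payload; only `verify_token`, with the server-side key, decides whether the claims are trustworthy.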
