Indy.Code() Sessions tagged security

Improving the Security of JSON Web Tokens with Refresh Tokens

Are you using JWT tokens to secure your .NET web APIs? Are you also worried about the security of using long-lived tokens or about possible holes in your token refresh implementation?

If that sounds like you: fear not—all your answers are here in this session. Join me as I cover all the JWT and refresh token best practices, and help you make sure you’re following them. We’ll even look at a real token and refresh implementation which you can build off of in your projects. Join us, and make sure you’re not making a mistake with this common security technology.

Speaker

Jonathan "J." Tower

Partner & Principal Consultant, Trailhead Technology Partners

Securing a WebAPI with JWT Role-Based Authentication

Setting up a database table to store user information and having a WebAPI method to log in is just the beginning. Once a user is logged in, you need to return a token for subsequent calls and store it somewhere so the user doesn’t have to constantly pass their username and password. The database can store user roles and rights, allowing the user access to only certain calls or privileges. This course takes a simple look at doing this from scratch with a simple SQL database, .NET WebAPI and an HTML front end. We will also look at testing our WebAPI in Postman. By the end of the course a base security scheme can be achieved and further built upon.

Speaker

Victor Pudelski

V.P. of Development, Zubisoft, LLC