Get full access to Hands-On RESTful Web Services with ASP.NET Core 3 and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Start your free trial

Securing APIs with token-based authentication

Applications have traditionally persisted identity through session cookies, relying on session IDs stored on the server-side. This method brings a few significant problems and pitfalls: it is not scalable, because you need a common point where you can store sessions and, every time a user is authenticated; the server will need to create a new record in a data source. Therefore, this approach may become a significant bottleneck for your web service.

Nowadays, token authentication can be helpful to authenticate and authorize users, especially in a distributed system context. The main strength of token-based authentication lies in the fact that the consumer asks for a token to an identity service. ...

Get Hands-On RESTful Web Services with ASP.NET Core 3 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now