To secure client and web APIs, use JWT. See JWT implementation in ASP.NET Core, which covers all the steps you need.
How to secure client and web API
Hi,
I have created an ASP.NET Core 3.1 solution. It has an MVC project and a Web API project.
For security purposes I used ASP.NET Identity to allow users to log in and log out, so it does authenticate the user before access. But after doing this I have realized that I have not secured the Web API, and anyone who knows the path can access the Web API.
I tried to look at how to secure the web. I found solutions, but I am trying to find the right solution for the app. For now I have only a single client that is using the API and I do intend to keep it to a single client.
I looked at a video on securing the Web API. In this video I saw that a JWT token is used to protect the Web API, and it shows how to validate the username and password and then create the token and send it back. If I go with the Web API protection, then how am I going to protect the web app? Should I have two different setups, one for the Web API and one for the client app? Or should I access the ASP.NET database once in the web application (client) and then again in the Web API?
Please guide me on what should be the best solution to protect the web app and also the Web API, which is optimum.