Get customerid from token in backend Web API

JJ TT 141 Reputation points
2022-03-23T21:19:47.357+00:00

Goal:
How to get customerid from the token when you are located in the backend Web API.

Background:
Today, you get your token from the backend and it is sent to the frontend. The token already contains the customerid. In order to use customerid as a filter in LINQ or similar, you need to send customerid as a parameter.

It is not only a single ActionResult that needs to contain customerid as a parameter.

Problem:
It is a lot if you have 12 ActionResults that have customerid as a parameter. It would be great if you could retrieve the customerid in the backend after you have sent the token to [Authorize(AuthenticationSchemes = "AlphaClient")]. Somehow it would be added to the session or similar.

It is important that the end user retrieves the correct customerid in the backend.

Question:
Is it somehow possible to add customerid in the backend without sending customerid as a parameter?

Info:
I tried following the instructions from this page (https://stackoverflow.com/questions/35849710/webapi-how-to-get-userid-from-token) but it doesn't work.

Thank you!


using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;

namespace WebApplication10.Controllers
{
    [AllowAnonymous]
    [ApiController]
    [Route("api/v1/[controller]")]
    public class AuthController : Controller
    {
        // POST api/v1/Auth/AlphaClientLogin: issues a token for the hard-coded demo user.
        [HttpPost("AlphaClientLogin")]
        [AllowAnonymous]
        public ActionResult<ClientToken> AlphaClientLogin([FromBody] User user)
        {
            if (user.Username == "userAlpha" && user.Password == "123")
            {
                return AlphaTokenService.GenerateToken(user);
            }
            else
            {
                return Unauthorized(new { message = "Invalid Username or password" });
            }
        }
    }

    [Route("api/v1/[controller]")]
    [ApiController]
    [Authorize(AuthenticationSchemes = "AlphaClient")]
    public class TestController : Controller
    {
        /// <summary>
        /// https://localhost:38744/api/v1/Test/Test2
        /// </summary>
        /// <returns></returns>
        [HttpGet("Test2", Name = "Test2")]
        public async Task<ActionResult<Int32>> Test2(string customerid)
        {
            // customerid is currently supplied by the caller as a query parameter;
            // the question asks how to take it from the validated token instead.
            return 3;
        }
    }

    public class ClientToken
    {
        public string Token { get; set; }
        public DateTime DateExpiration { get; set; }
    }

    // Not in the original post: minimal request model inferred from the
    // Username/Password members that AuthController reads.
    public class User
    {
        public string Username { get; set; }
        public string Password { get; set; }
    }

    public class AlphaTokenService
    {
        public static ClientToken GenerateToken(User user)
        {
            string secret = "myunlegiveblealphasecret";
            string audience = "AudienceClientAlpha";
            string issuer = "IssuerClientAlpha";

            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
            var credenciais = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
            var expiration = DateTime.UtcNow.AddHours(2);
            var claims = new[]{
                new Claim("customerid", "123455666"),
                new Claim(ClaimTypes.Name, user.Username.ToString()),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
            };

            JwtSecurityToken token = new JwtSecurityToken(
                audience: audience,
                issuer: issuer,
                claims: claims,
                expires: expiration,
                signingCredentials: credenciais);

            // The post is cut off here; this return is the natural completion
            // given the ClientToken type above (serialize and hand back the JWT).
            return new ClientToken
            {
                Token = new JwtSecurityTokenHandler().WriteToken(token),
                DateExpiration = expiration
            };
        }
    }
}


// Startup.cs fragment as posted. Requires:
// using System; using System.Text; using Microsoft.Extensions.DependencyInjection;
// using Microsoft.IdentityModel.Tokens; using Microsoft.OpenApi.Models;
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers();
    services.AddSwaggerGen(c =>
    {
        c.SwaggerDoc("v1", new OpenApiInfo { Title = "WebApplication10", Version = "v1" });
    });

    // Registers the "AlphaClient" bearer scheme; the key, audience and issuer
    // must match the values used in AlphaTokenService.GenerateToken.
    services.AddAuthentication().AddJwtBearer("AlphaClient", options => {
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("myunlegiveblealphasecret")),
            ValidAudience = "AudienceClientAlpha",
            ValidIssuer = "IssuerClientAlpha",
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero
        };
    });
}

Accepted answer
AgaveJoe 26,136 Reputation points
2022-03-23T23:01:14.883+00:00

The syntax is...

[HttpGet]
[Authorize]
public IActionResult GetAll()
{
    // User is the ClaimsPrincipal built from the validated bearer token.
    var user = User?.Identity?.Name;
    // Custom claim types keep the name they were issued with ("customerid").
    var id = User?.Claims.FirstOrDefault(c => c.Type == "customerid")?.Value;

    return Ok(new { username = user, customerid = id });
}

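The accepted answer shows how to read the claim; the question's real requirement is that every one of the 12 actions filters by the customer in the token rather than by a value the client sends. The following is an added example, not code from the question or the answer: a small `ClaimsPrincipal` extension plus a controller that uses it as the LINQ filter and fails closed when the claim is absent. `CustomerIdClaims`, `Order`, `IOrderRepository` and `OrdersController` are hypothetical names introduced here; the claim type `"customerid"` and the `"AlphaClient"` scheme are the ones from the question.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace WebApplication10.Controllers
{
    // Added example (not part of the original post). Reads the tenant
    // identifier from the validated JWT so no action needs a customerid
    // parameter and a caller cannot select another customer's rows.
    public static class CustomerIdClaims
    {
        // Must match the claim type written by AlphaTokenService in the question.
        public const string ClaimType = "customerid";

        // Returns the customerid from the authenticated principal, or null when
        // the request is unauthenticated or the token carries no such claim.
        public static string TryGetCustomerId(this ClaimsPrincipal principal)
        {
            if (principal?.Identity?.IsAuthenticated != true)
            {
                return null;
            }

            var value = principal.FindFirst(ClaimType)?.Value;
            return string.IsNullOrWhiteSpace(value) ? null : value;
        }
    }

    // Hypothetical domain model and data access used only for this example.
    public class Order
    {
        public int Id { get; set; }
        public string CustomerId { get; set; }
        public decimal Amount { get; set; }
    }

    public interface IOrderRepository
    {
        IQueryable<Order> Orders { get; }
    }

    [ApiController]
    [Route("api/v1/[controller]")]
    [Authorize(AuthenticationSchemes = "AlphaClient")]
    public class OrdersController : ControllerBase
    {
        private readonly IOrderRepository _repo;

        public OrdersController(IOrderRepository repo)
        {
            _repo = repo;
        }

        // GET api/v1/Orders
        // No customerid parameter: the filter value comes only from the token.
        [HttpGet]
        public ActionResult<Order[]> GetMine()
        {
            var customerId = User.TryGetCustomerId();
            if (customerId == null)
            {
                // The token passed signature/lifetime checks but has no
                // customerid; refuse rather than return unfiltered data.
                return Forbid();
            }

            return _repo.Orders
                .Where(o => o.CustomerId == customerId)
                .ToArray();
        }
    }
}
```

`User` is populated by the JwtBearer handler for the `AlphaClient` scheme only if `app.UseAuthentication()` runs before `app.UseAuthorization()` in `Configure`, which the question's Startup excerpt does not show; without it the claim lookup returns null on every request. The custom `customerid` claim keeps its name end to end because `JwtSecurityTokenHandler` only remaps well-known types (for example `ClaimTypes.Name` is written as `unique_name` and mapped back on validation, which is why `User?.Identity?.Name` in the accepted answer resolves). Since the filter now trusts the signed token, the hard-coded `"123455666"` in `GenerateToken` has to become the identifier looked up for the authenticated user at login; otherwise every caller is treated as the same customer.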