0
fgonzalez created
Hi
- My product version: v9.3.0
- My product type: Angular
- My framework type: .net core
<br> I need help with reference to JWT, a customer reported a possible security risk of sending the token over http or https, with the possibility that the token could be stolen.
Questions:
- Is it possible with the ABP to use an alternative mechanism to transmit session tokens or some more secure way?
- What mechanisms does ABP have to prevent user access or API calls with a stolen token?
<br> Best regards.
2 Answer(s)
-
0
Hi @fgonzalez
Is it possible with the ABP to use an alternative mechanism to transmit session tokens or some more secure way?
AspNet Zero doesn't provide any alternative approach. Using HTTPS should work for you.
What mechanisms does ABP have to prevent user access or API calls with a stolen token?
AspNet Zero doesn't implement token invalidation but you can easily implement it by creating a new table which will contain invalid tokens and check it here
-
0
Thanks for the reply @ismcagdas
Have an answer to this question?
Log in
and write your answer.