
How to secure Abp.AuthToken in Angular Cookies #6895


velu created

Hi,

We are using .NET Core and Angular V5.5.

How can we secure Abp.AuthToken, or issue the token only for a single computer?

The problem we are facing:

* User 1 logs in using the Chrome browser.
* I copied this Abp.AuthToken from the cookies.
* I pasted (cloned) it into another browser.

Then I opened http://localhost:4200/app/main/dashboard

The new browser session continues using User 1's session and credentials.

How can we avoid this?

Please help us in this.

Thanks


4 Answer(s)
  • maliming created
    Support Team

    No matter what method you use to return the token to Angular, as long as the user wants, he can still find the token and share it.

    Currently only tokens are safe in the browser.

    This is unavoidable.

  • ryancyq created
    Support Team

    You can read more about something similar at

    https://security.stackexchange.com/questions/178663/why-isnt-stealing-cookies-enough-to-authenticate

  • velu created

    Hi,

    How can we secure the token for a single machine?

    Is there any way to remove the token cookie from the browser and pass the token via the API?

    (The ABP framework creates the abptoken cookie if it is not present.)

    If we want to pass the token via the API, what do we need to modify in Angular and the ABP framework?

    Does anyone have any idea about this issue? Please help us with this.

    Thanks

  • aaron created
    Support Team

    @velu What does that achieve? The user can still get the token.
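
The scenario in this thread (one token used from Chrome, then presented from a second browser) cannot be prevented in the client, but it can be surfaced on the server. The following is an added example, not code from the thread or from ABP: it assumes the server logs a per-token identifier, the client IP and the User-Agent for every authenticated request. The record shape, the sample values and the `findSharedTokens` name are hypothetical.

```javascript
// Constructed sample records: one entry per authenticated API request.
// Field names (tokenId, user, ip, userAgent) are assumptions for this example.
const sampleRequests = [
  { time: "2019-05-02T09:00:05Z", tokenId: "tok-a1", user: "user1", ip: "10.0.0.15", userAgent: "Chrome/74.0" },
  { time: "2019-05-02T09:01:10Z", tokenId: "tok-a1", user: "user1", ip: "10.0.0.15", userAgent: "Chrome/74.0" },
  { time: "2019-05-02T09:02:30Z", tokenId: "tok-a1", user: "user1", ip: "10.0.0.15", userAgent: "Firefox/66.0" },
  { time: "2019-05-02T09:03:00Z", tokenId: "tok-b2", user: "user2", ip: "10.0.0.22", userAgent: "Chrome/74.0" },
  { time: "2019-05-02T09:03:40Z", tokenId: "tok-a1", user: "user1", ip: "10.0.0.15", userAgent: "Chrome/74.0" },
];

// Group requests by token and report every token seen from more than one
// client context (IP + User-Agent). ISO-8601 UTC strings sort lexicographically.
function findSharedTokens(requests) {
  const byToken = new Map(); // tokenId -> { user, contexts: Map(context -> stats) }
  for (const r of requests) {
    const key = `${r.ip}|${r.userAgent}`;
    if (!byToken.has(r.tokenId)) byToken.set(r.tokenId, { user: r.user, contexts: new Map() });
    const contexts = byToken.get(r.tokenId).contexts;
    const seen = contexts.get(key) || { firstSeen: r.time, count: 0 };
    if (r.time < seen.firstSeen) seen.firstSeen = r.time; // input need not be sorted
    seen.count += 1;
    contexts.set(key, seen);
  }
  const findings = [];
  for (const [tokenId, { user, contexts }] of byToken) {
    if (contexts.size < 2) continue; // one context only: nothing to report
    // The earliest context is treated as the original login, later ones as copies.
    const ordered = [...contexts.entries()]
      .sort((a, b) => (a[1].firstSeen < b[1].firstSeen ? -1 : 1));
    findings.push({
      tokenId,
      user,
      original: ordered[0][0],
      additional: ordered.slice(1).map(([context, s]) => ({
        context,
        firstSeen: s.firstSeen,
        requests: s.count,
      })),
    });
  }
  return findings;
}

console.log(JSON.stringify(findSharedTokens(sampleRequests), null, 2));
```

A finding here is a signal to review or to force re-authentication, not proof of theft: IP addresses and User-Agent strings change for legitimate reasons, and whoever copies the token can copy the User-Agent as well.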