I'm writing a three-level app. I have an ASP.NET Core 2.1 API, a Web Client App and an Android App. The API is secured with JWT authorization. I have a problem storing the token which I'm getting from the API to the Web Client. I need a secure way to do that, and I'm wondering whether it would be a good way to store it in ClaimsIdentity. I'm going to add it here:

    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.NameIdentifier, token.userId),
        new Claim(ClaimTypes.Name, token.userName),
        // Here add new Claim(ClaimTypes.Authentication, token.token)
    };
    var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
    var principal = new ClaimsPrincipal(identity);
    await HttpContext.SignInAsync(principal);

Is this the right and secure way?
Finally I found something that I can use.
https://hanssens.com/projects/localstorage
You can store lots of data in memory with this component. It also has encryption mode so it should be pretty secure. Thank you for your help once again!
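
For comparison with the sign-in code in the question, here is an added example (not code from the original post or from the linked library) that keeps the JWT in the cookie authentication ticket's properties instead of in a claim, using ASP.NET Core's `StoreTokens` and `GetTokenAsync`. The `ApiToken` class, the controller and method names, and the token name `"access_token"` are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

// Hypothetical shape of the API's login response (assumption, mirrors the question's fields).
public class ApiToken
{
    public string userId { get; set; }
    public string userName { get; set; }
    public string token { get; set; }
}

public class AccountController : Controller
{
    // Called once the API has returned a token for the user.
    private async Task SignInWithTokenAsync(ApiToken token)
    {
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, token.userId),
            new Claim(ClaimTypes.Name, token.userName)
        };
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

        // The JWT goes into the ticket's properties, so it never shows up in User.Claims.
        // The cookie handler protects the whole ticket (claims and properties) with Data Protection.
        var properties = new AuthenticationProperties();
        properties.StoreTokens(new[]
        {
            new AuthenticationToken { Name = "access_token", Value = token.token }
        });

        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity),
            properties);
    }

    // Server-side read of the stored JWT, e.g. to set the Authorization header on API calls.
    private Task<string> GetApiTokenAsync()
    {
        return HttpContext.GetTokenAsync("access_token");
    }
}
```

The authentication cookie is HttpOnly by default; setting `Cookie.SecurePolicy` to `CookieSecurePolicy.Always` in the cookie options also keeps it off plain HTTP.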