I use Identity server 4 for Authentication, One of my client's application is Asp.net core MVC Project, and one web API resource for some ajax request.
I need from some pages of Mvc client, call web API resource through javascript ajax call. How can I handle authentication, through JWT or maybe Cookies? how pass JWT?
In your client(asp.net core mvc) application , you can set the SaveTokens
property to true
when registering the OIDC middleware so that tokens will be saved into cookie :
.AddOpenIdConnect("oidc", options =>
{
....
options.SaveTokens = true;
.....
});
Then in your application you can get the token by :
var accessToken = await HttpContext.GetTokenAsync("access_token");
If using Jquery , you can simply make an ajax call to server side to get the access token value , then perform api call with token . Or you can put the token into page's hidden filed when rendering the page , and use Jquery to read the hidden field to get the token , but that is not secure compare to the first option .