ASP.NET CORE Client-Side Best Practice to pass to Generate the Token. The API has been configured with a JWT to secure few actions (e.g. PUT).
I have enabled the Edit link (in the index.cshtml) that navigates to a razor page with a form that gets populated. Then user makes some changes and clicks submit button. So now I need to secure this.
Secure the Edit so only people with the token can access the form?
Secure the “submit button” instead?
Although it might be a design preference, I am looking for best-practice to implement token functionality on the client side.
Do I approach it similarly to the API (green Authorized button with lock )? Any help will be appreciated
When it comes to securing client-side operations in ASP.NET Core with JWT tokens, there's no one-size-fits-all solution, but here's a common approach many developers use. Instead of securing individual buttons, it's usually better to handle authentication at the page level. You can do this by adding an authorization filter or middleware that checks for a valid token before allowing access to the Edit page. When the form is submitted, make sure to include the token in the request headers. After a successful login, store the token securely - browser storage or a secure cookie are common choices. It's also helpful to set up a client-side interceptor or middleware to automatically add the token to API requests. For the UI, you might want to only show edit links or forms to authenticated users. This approach gives you good security coverage while keeping things smooth for users. Remember, the exact implementation can vary based on your specific needs and architecture.