Using both cookie and JWT tokens in ASP.NET Web/API app

Question

I've seen a lot of articles that cover using JWT Tokens in API scenarios. How do I include the JWT Token in my request for a web page?

My ASP.NET Core app has both web pages and API methods so I want to use cookies for the web and token for API.

Answer 1

The way we do it here with Asp.Net, is our auth layer looks for either a cookie or an Authorization header. It pulls the token from either location. This article might be helpful:

http://auth0.com/blog/cookies-vs-tokens-definitive-guide

This takes some custom code, but its not too difficult really. Make your own AuthenticationHandler.

https://wildermuth.com/2017/08/19/Two-AuthorizationSchemes-in-ASP-NET-Core-2

That excellent article will guide you through every step of the process.