2
votes

I use a JWT-token for authentication of users in my ASP.NET Core Web App.

The process of authentication has the following steps:

  1. Client sends an ajax request to the server URL with login/password params to get an access token
  2. Server gets the request and sends a response with the access token and token type
  3. Client gets the server response and saves the token in session storage to use it for later requests

    When the client has a token, it should add the token type and token to the header of every request, as in the following sample (jQuery.ajax() headers section):

    headers: { 'Authorization' : tokenType + ' ' + token }

  4. Client redirects the user from the login page to the main page. In JavaScript I can do it with the following code:

    window.location.replace('[URL_TO_MAIN_PAGE_HERE]');

    or

    window.location.href = '[URL_TO_MAIN_PAGE_HERE]';

However, I have a problem: I can't set a header for the request above.

How can I redirect the user to the main page after login if I use an access token for authentication?

Additional info:

App is not SPA.

1
Is your app a single-page app or not? – obey
obey, it isn't an SPA. I updated the question. – pepeevich
Thanks Andrei, it looks like the provided question is close to my question, but the provided question has no answer. However, your comment is useful. I mark it. – pepeevich

1 Answer

7
votes

Once you save the token in the browser's session/local storage, it will be available for any further "API" requests to the server. When you request a page by doing a server.transfer / request.redirect / location.href etc., you cannot provide custom headers of any type.

So what are the available options?

Let's say that post login, you redirect the user to a page (using any of these methods) which lists out some entities. The listing page does (or should do) an ajax request to the server (upon load, in the header script) to fetch the data. At this step, you can read the auth token and include it in the request, which the server can validate.

Any subsequent requests will be done in the same manner: whenever you request any resource, include the token in the HTTP request.

If your API can return processed html, then you can do a GET request to that and pass the auth token, retrieve the html and include it within your page...
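
The flow this answer describes, as an added example that is not part of the original answer: after the plain redirect, the main page's own script reads the token from session storage and attaches it to its API call. The storage keys `accessToken` and `tokenType`, the paths `/api/entities` and `/login`, and the function names are assumptions made for illustration.

```javascript
// Added example: storage keys, '/api/entities' and '/login' are assumed names.
const LOGIN_URL = '/login';

// Build the Authorization header from what the login step saved.
// Returns null when no token is stored, so the caller can send the user to login.
function buildAuthHeaders(storage) {
  const token = storage.getItem('accessToken');
  const tokenType = storage.getItem('tokenType') || 'Bearer';
  if (!token) return null;
  return { Authorization: tokenType + ' ' + token };
}

// Decide how to call the API: attach the token only to same-origin URLs so it
// is never sent to another host, and fall back to the login page without one.
function prepareApiRequest(url, storage, pageOrigin) {
  const target = new URL(url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) {
    throw new Error('refusing to send token to ' + target.origin);
  }
  const headers = buildAuthHeaders(storage);
  if (!headers) return { redirect: LOGIN_URL };
  return { url: target.href, options: { method: 'GET', headers } };
}

// Runs on the main page after the plain redirect from the login page.
async function loadEntities(storage, pageOrigin, fetchImpl, navigate) {
  const req = prepareApiRequest('/api/entities', storage, pageOrigin);
  if (req.redirect) return navigate(req.redirect);
  const res = await fetchImpl(req.url, req.options);
  if (res.status === 401) { // token expired or rejected by the server
    storage.removeItem('accessToken');
    return navigate(LOGIN_URL);
  }
  return res.json();
}

// Browser wiring (header script of the main page); skipped outside a browser.
if (typeof window !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    loadEntities(sessionStorage, window.location.origin, fetch.bind(window),
      (u) => window.location.replace(u))
      .then((entities) => console.log('loaded', entities));
  });
}
```

The server still has to validate the token on every API request; the page HTML itself is delivered without it, so it should contain nothing that requires authentication.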