Navigating custom tokens between different pages

My application utilizes a custom log-in system that generates an encrypted Token to signify a user's logged-in status. This Token is then passed to another page (Dash.aspx) via the QueryString parameter.

On Dash.aspx, the Token from the QueryString is extracted and stored in a hidden field using JavaScript. This Token is used for making web service calls, with the updated Token value being saved by JavaScript each time a call is completed.

Now, I am looking to create new pages that require a valid Token to be passed to them after the user logs in. The challenge is finding a more secure way than passing the Token via QueryString, while also ensuring that the Token remains up-to-date when navigating between pages.

I would like to avoid using Session to store and pass the Token if possible. Is there a more discreet way to pass the Token and consistently update it as needed?

This may be a broad question, but I believe there could be a solution out there that I'm not aware of yet.

Update:

Here's an example scenario:

Step 1: User logs in with username zholen and password zholen123

  • A service validates the credentials and returns a Token 'ABC'
  • User is redirected to Dash.aspx?token=ABC

Step 2: Dash.aspx retrieves the token from the query string and stores it in a hidden field

  • JavaScript object saves the token internally
  • Several asynchronous calls are made to different services, each returning an updated Token which replaces the old one (Tokens expire every 30 minutes)

Desired steps going forward:

Step 3: Transition from Dash.aspx to Account.aspx

  • Account.aspx requires a valid Token to load
  • More services are called to update the Token

Step 4: Return from Account.aspx to Dash.aspx with the most recent Token

Service calls can be done through a Web Service (asmx) or page methods depending on whether data retrieval is needed or not. Cookies have been suggested as a potential solution to update the Token, allowing C# to reset the cookie with the new Token during these calls and assuming async operations won't interfere.

The JavaScript object storing the Token internally could also place the updated value back into the hidden field for accessibility from the C# end.

c#javascriptasp.net

Answer №1

To enhance security, you may consider using cookies for storing sensitive information. It is recommended to utilize intermediate encryption as cookies are susceptible to external reading.

        //c#

        HttpCookie cookie = new HttpCookie("myTokenCookie");
        cookie.Value = tokenString;
        Response.SetCookie(cookie);

        // retrieve the cookie later
        s = Request.Cookies["myTokenCookie"].Value;

        // store it in a hidden input element for JavaScript retrieval

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Generating JSON Data with the Power of JavaScript and JQuery

Looking to dynamically generate a JSON Object with the specified structure: { "deleteId":[1,2,3], "pointId":[1,2,3], "update":[ { "what":"mission", "id":1, "value":"adsda" }, { ...

javascriptjqueryjsonangularjs

Restangular is throwing an error because it cannot find the reference for _

I encountered an issue with Restangular where I'm getting the error message: Uncaught ReferenceError: _ is not defined from restangular when trying to use it. Code Snippet: <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.1/angula ...

javascriptangularjsrestangular

Can the Microsoft Jet database be trusted to securely store sensitive data in a small application?

I am in the early stages of planning a new ASP.NET project that will eventually be used as a product by technical staff in various companies. This program will store sensitive information that needs to be safeguarded from unauthorized access, particularly ...

asp.netsqljet

Internet Explorer 9 fails to recognize angular objects when used inside ngRepeat

One issue I encountered was with the ng-include and ng-controller nested inside an ng-repeat, causing some unexpected behavior in Internet Explorer: Here is a snippet from main.html: <section ng-repeat="panel in sidepanels"> <h2 class="twelve ...

javascripthtmlinternet-explorer-9angularjs

Tips for selecting checkboxes with fetched information

I have created a script that passes json data to a variable and then collects all the necessary information such as chapterid, questionid ...etc on the inner html page. jQuery Code: $('div[id^="questionsNo_"]').ready(function() { var assessme ...

javascriptjqueryjson

When the webpage is reloaded in Internet Explorer, a file is automatically downloading. How can this issue be resolved?

Below is the anchor tag in HTML for downloading a file. <a [href]="myFileUrl" class="u-text--document" download="myfile.csv"><span>Title of the Excel document (6.8MB)</span></a> This method is called on n ...

javascriptangularangular5angular2-forms

How to access class type arguments within a static method in Typescript: A clever solution

An issue has arisen due to the code below "Static members cannot reference class type parameters." This problem originates from the following snippet of code abstract class Resource<T> { /* static methods */ public static list: T[] = []; ...

javascripttypescriptgenericsinheritance

Developing a countdown clock with php and asynchronous javascript (ajax)

Can anyone provide guidance on how to create a real-time database timer? I have a starting time in the database and I am using PHP, looking to incorporate JS or AJAX for optimal functionality. Here is a rough outline of my plan: BEGIN Request server ti ...

javascriptphpmysqlajaxtimer

What are the steps to effectively utilize data retrieved from readFragment using Apollo?

Once a user logs in, the system returns a jwt token and a user object containing the id and firstName, which are then stored in cache (refer to the image link provided below). https://i.stack.imgur.com/oSXZ5.png I aim to retrieve the user information fro ...

javascriptreactjsapolloreact-apolloapollo-client

Transmit information to a Windows Forms Application

I am currently working on a project that automatically starts with Windows. This project is a C# windows-forms application that, once initiated, hides itself and displays as a tray icon. This means it is only visible in the tray area, not in the taskbar or ...

c#.netwinformsc#-4.0communication

Having difficulty sending data to a controller through AJAX in Code Igniter. Can anyone help troubleshoot

I recently started learning PHP OOP and am currently using the Code Igniter framework. I encountered some difficulties in sending data to the controller using AJAX, so I attempted a simple test to check if AJAX was functioning properly, but unfortunately, ...

javascriptphpjqueryajaxcodeigniter

Using AngularJS to invoke the ng-required directive and trigger a function

Is it possible to make the required value dependent on a function? Something similar to this? I need to achieve this in order to dynamically change the required attribute for form inputs... HTML: Name: <input type="text" ng-model="user.name" ng-r ...

javascriptangularjs

Extracting data from Material-UI TextField elements in React – a guide

I am currently working on a small app that consists of a Form component, a SubmitButton component, and my parent component, App.js. My goal is to retrieve the values of the 3 fields within the form component when the user clicks the submit button, pass the ...

javascriptreactjsmaterial-ui

Issue with Vue-Validator form validation not functioning properly on JS Fiddle

I'm having trouble with vue-validator on JSFiddle. Can someone please assist in troubleshooting the issue so I can proceed with my main question? Check out JSFiddle Html: <div id="app"> <validator name="instanceForm"> & ...

javascriptjsfiddlevue.jsvue-validator

Setting a custom background image in a Bootstrap modal

When users visit my website, I want to enhance their experience by using a background image in my bootstrap modal. Despite several attempts, I have been unable to successfully set a background image in the modal. Can anyone provide guidance on this matter? ...

javascripthtmlcsstwitter-bootstrap

Strategies for locating elements with the href attribute in Selenium using C#

Having trouble selecting a link using the href attribute. <a id="1 - GovSearch" name="1 - GovSearch" title="Population and Immigration Authority" href="https://www.gov.il/en/Departments/population_and_immigration_authority" class="content-title first ...

c#seleniumxpathcss-selectorswebdriverwait

Automated static file versioning in Google App Engine/Python

Recently, I've been experimenting with Google's page speed service, and it has inspired me to implement automatic versioning of static files in my GAE/P application. This way, I can fully utilize longer caching times. Developing a script to perf ...

javascriptcssgoogle-app-enginecache-control

"Everything is running smoothly on one REST endpoint, but the other one is throwing a CORS error

I am currently working on a project that involves a React client app and a Django server app. The React app is running on port 9997 and the server API is on port 9763. While the frontend is able to access some APIs successfully, there are some APIs that ar ...

javascriptpythonreactjsdjangocors

Create HTML elements based on the information in a JSON object

My goal is to create span elements for each word in my subtitle text, which is stored in a JSON object. Here is the JSON data I am working with: var sub_info = [ {'start': 3.92, 'end': 6.84, 'words ...

javascripthtmljquery

troubleshoot clientWidth not updating when CSS changes are made

Summary: When I adjust the size of a DOM element using CSS, its directive fails to acknowledge this change even with a watch on the size. Aim I have multiple custom directives (simple-graph) each containing an svg. My goal is to enlarge the one under the ...

javascriptcssangularjsangularjs-directive