Quite some time ago I published an article (along with the source code) about refreshing the JWTtokens. In the following post, I’m going to focus on canceling the token, thus it can’t be used by anyone else. This tutorial includes the video, so it might be easier to understand the implementation flow.
Recently, I was struggling with the SSO authentication. At first I did pick up JSON Web Token which of course is a legitimate option, however, I was forced to share the secret key between different parties, as I decided to use HMAC. Not so long ago I decided to switch to the RSA instead and I’d like to present you both solutions using ASP.NET Core.
Nowadays, the HTTP APIs act as gateways for petabytes of data and some chunk of it might actually require enhanced access rules. For example, you could create a link that allows the user to download the file only once, and within such link you would find a token.
I was in a need of creating such solution for my open source project Warden – a specialized, one-time link that can be used fetch the configuration object from the API.
It turned out to be fairly straightforward to implement the most basic version of such behavior.
I’ve heard about this group/movement which provides a free access to the SSL/TLS certificates and have decided to check it out since I want the Warden project to be secured, especially the Web Panel where some sensitive data might be stored. Actually, I still can’t believe that it was so easy to do, basically just a single click (no kidding).
Allow me present you the Let’s Encrypt and explain how easy it is, to make it work with IIS.