
I have a JWT (JSON Web Token) that contains a user code in the payload. I determine the user code by parsing the payload once the JWT has been verified. The user code needs to be available to multiple different classes and I want to avoid extracting the specific HTTP header and parsing the JWT more than once (once when authorizing and however many times it's needed in the code thereafter) to extract the user code. I have overridden the IsAuthorized method in order to perform the JWT validation.

An ASP.Net Web API validates the JWT. Is it possible to have a static Global.cs which holds static variables for classes? What implications are faced when there are multiple users accessing the website? Will there be an instance of the Global.cs per user connected to the Web API?

strange_developer
  • For subsequent calls to the web API, how are you planning to *look up* the user from the global cache? – Davin Tryon May 05 '15 at 09:05
  • That's basically what I'm having difficulty understanding. If I have a static class, and simply call the method like this: 'Global.UserCode'. Subsequent calls from different users would overwrite this value and it would be using a different user's code – strange_developer May 05 '15 at 09:11
  • Usually, a JWT token is used in a context where you do *not* want any type of session state on the server (or cannot have it). Verifying a JWT performs very well (I think it is some kind of MAC verification). So, I wouldn't pre-optimise. If you can store the user id in session state, don't use a JWT. – Davin Tryon May 05 '15 at 09:13
  • I cannot have a session state via a Web API. What I'm trying to avoid is having to parse the HTTP headers in order to retrieve the payload out of the JWT and then get the user code each time it is needed. For example, to get a user's list of products, I need the user's code to get the associated product list. The HTTP headers are parsed on verification of the JWT but will now need to be parsed again to extract the user code when retrieving the list of products. Is there some sort of in-memory storage that I can use to maintain the user code once it has been parsed out? – strange_developer May 05 '15 at 09:28

0 Answers
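An added example, not part of the original thread: a console sketch of the `Global.UserCode` overwrite raised in the comments, next to state kept on the request object itself (in Web API, the `HttpRequestMessage` available as `actionContext.Request` inside `IsAuthorized` and as `Request` inside a controller). The property key, the URL and the user codes `USER-A`/`USER-B` are constructed for illustration, and JWT validation is assumed to have already succeeded before the user code is stored.

```csharp
using System;
using System.Net.Http;
using System.Threading.Tasks;

// One copy per process (AppDomain), shared by every request from every user.
static class Global { public static string UserCode; }

static class Program
{
    const string UserCodeKey = "UserCode"; // assumed key name, not from the page

    // Both handlers stand in for: IsAuthorized stores the parsed user code,
    // the action awaits some I/O, then reads the user code back.
    static async Task<string> HandleWithStatic(string userCode, Task pendingIo)
    {
        Global.UserCode = userCode;          // written during authorization
        await pendingIo;                     // another request can run here
        return Global.UserCode;              // read later in the same request
    }

    static async Task<string> HandlePerRequest(string userCode, Task pendingIo)
    {
        // Constructed URL; in Web API the framework supplies the request object.
        using (var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/api/products"))
        {
            request.Properties[UserCodeKey] = userCode;   // lives and dies with this request
            await pendingIo;
            return (string)request.Properties[UserCodeKey];
        }
    }

    // Starts request 1, lets request 2 run to completion while request 1 is
    // still waiting, then reports which user code request 1 ends up with.
    static async Task<string> FirstRequestSees(Func<string, Task, Task<string>> handler)
    {
        var io = new TaskCompletionSource<bool>();
        Task<string> first = handler("USER-A", io.Task);   // constructed sample codes
        await handler("USER-B", Task.CompletedTask);
        io.SetResult(true);
        return await first;
    }

    static async Task Main()
    {
        Console.WriteLine("static field: request for USER-A sees " + await FirstRequestSees(HandleWithStatic));
        Console.WriteLine("per-request:  request for USER-A sees " + await FirstRequestSees(HandlePerRequest));
    }
}
```

With the static field, the request made for USER-A reads back USER-B, which in a real API means one caller's data is fetched under another caller's identity; the per-request version returns USER-A.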