❔ What is the appropriate way to confirm User ID for API
Hi folks,
I'm creating a WebApi to go alongside my front-end. Each call to my controller and related service has the attribute so I know that a user has to be authorized before accessing the data.
My query is regarding the retrieval of the UserID to get the user-specific data from my database.
This is what I have currently:
Is this an acceptable and importantly safe way to do it? I'm fairly new to Authorization/Authentication so trying to create a portflio worthy project without any glaringly obvious security flaws.
TIA
I'm creating a WebApi to go alongside my front-end. Each call to my controller and related service has the attribute so I know that a user has to be authorized before accessing the data.
My query is regarding the retrieval of the UserID to get the user-specific data from my database.
This is what I have currently:
Is this an acceptable and importantly safe way to do it? I'm fairly new to Authorization/Authentication so trying to create a portflio worthy project without any glaringly obvious security flaws.
TIA
