4

I am new to AngularJS. I need to develop a Web API (ASP.NET) which will be consumed by an Android, iPhone and a Web Application. I want to build the web application using ASP.NET MVC to use the built in routing and razor view engine.

The first problem I am facing is how to add security to my Web API and ASP.NET MVC in a way that they work together or use the same auth token (ASP.NET Identity). For example web application will display a login page to the user, AngularJS will send back-end login call to Web API and in return will get an auth token as ASP.NET Identity is being used on Web API side. Now whenever user requests a resource/view/html from web application (ASP.NET MVC), he/she should be authenticated and authorized first.

If my login call go through the ASP.NET MVC controller action and I create a FormAuthentication cookie on a successfull login, then how can I pass the Web API auth token to AngularJS in a secure way so that my angular controllers can call Web API methods for data manipulation using that auth token?

It would be great if someone could refer a blog/article with example.

Haider
  • 1,488
  • 2
  • 15
  • 29
  • 1
    [Check this question out](http://stackoverflow.com/q/21662778/189756) – Mohammad Sepahvand Apr 16 '14 at 11:34
  • 1
    Yes, the question @MohammadSepahvand posted above is by far the most complete step by step example. – Beyers Apr 16 '14 at 11:44
  • In that answer all of the implementation is on client side. That's a bit complicated to handle for a angular beginner and also not sufficient. What if someone tries to hit any page's URL out side the application. Since this request would not go through the angular, he probably would get the HTML (without data). We should have some authentication on server side in order to prevent resources like HTML,CSS,Javascript,Images etc. – Haider Apr 17 '14 at 11:41
  • I solved the problem. See my answer here: http://stackoverflow.com/a/23539408/1501074 – Haider May 08 '14 at 10:46

0 Answers0