
I know "session" in ASP.NET. I used to store user data and required info in the session whenever needed (but I didn't know how to make the session time out and all, just how to store data on the server side).

But now I'm using an ASP.NET Web API MVC 4 project. I have added Angular support to it. Using ui-route for page routing, I redirect the user from one page to another.

For now, when a user logs in, I store the user name in HTML storage and show it on every page as WELCOME user. Till now everything works fine.

But the question is: I don't know how to restrict unknown users from accessing the Web APIs. How can I authenticate a valid user? I don't know anything about it. How can I check whether a user is authorized to see the page or not?

As I store the user name in HTML storage, at routing time I can only check whether a logged-in user is accessing the page or not. But HTML storage can be tampered with. So I wonder how to add security.

1 Answer

You should use token-based authentication.

When a user logs in with a username and password, the server will give him/her a token (valid for some time); then you can call the API using this token.

If the request doesn't contain a valid token you should return an "Authentication error". You can also have different roles for different users, etc.

Read this article to understand how it works; it includes an Angular implementation using Node.js on the server:

https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/
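The flow described in this answer, as an added example that is not part of the original answer or the linked article: the server signs a short-lived token at login and re-checks signature, expiry and role on every API request, so nothing held in browser storage is trusted. It is written for Node.js to match the linked article's server side; the function names, token layout and demo secret are assumptions, and a real ASP.NET Web API would rely on an established token library instead of this hand-rolled format.

```javascript
const crypto = require('crypto');

// Constructed demo secret (assumption); load a persistent key from server-side config in practice.
const SECRET = crypto.randomBytes(32);

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

// Called by the login endpoint only after the username and password were verified.
function issueToken(user, role, ttlSeconds, now = Date.now(), key = SECRET) {
  const claims = { sub: user, role, exp: Math.floor(now / 1000) + ttlSeconds };
  const payload = b64url(JSON.stringify(claims));
  return `${payload}.${b64url(sign(payload, key))}`;
}

// Returns the claims if the token is authentic and unexpired, otherwise null.
function verifyToken(token, now = Date.now(), key = SECRET) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = sign(payload, key);
  const given = Buffer.from(mac, 'base64url');
  // Length check first: timingSafeEqual throws when the lengths differ.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (!claims || typeof claims.exp !== 'number') return null;
  if (claims.exp <= Math.floor(now / 1000)) return null; // expired
  return claims;
}

// Server-side gate for every API call: 401 = not authenticated, 403 = wrong role.
function authorize(authorizationHeader, requiredRole, now = Date.now()) {
  const m = /^Bearer (\S+)$/.exec(authorizationHeader || '');
  const claims = m ? verifyToken(m[1], now) : null;
  if (!claims) return { status: 401 };
  if (requiredRole && claims.role !== requiredRole) return { status: 403 };
  return { status: 200, user: claims.sub };
}
```

The Angular client only stores the token and sends it in the `Authorization` header; editing the stored copy changes the payload without a matching signature, so the server answers 401.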
