I am working on a project that needs AngularJS on the client side and ASP.NET Web API on the server side, and since I am fairly new to AngularJS, I couldn't find a good way to handle access control in AngularJS. AngularJS routing seems to only "work" within the "App"; if a user accesses a URL directly (http://www.test.com/customer?userid=12345), it will not work. Therefore I am thinking of letting ASP.NET MVC handle the routing for each AngularJS app and letting AngularJS routing handle routing within each app.

My question is: once the client app (AngularJS) is authenticated by the server (token), how do I add that authentication in my ASP.NET MVC, so I can use something like User.Identity and get all the necessary claims from the server? Or should I do it the other way and let ASP.NET MVC make the authentication call to the API and store the token somewhere else for AngularJS to pick it up? Or is there any other way to do it?

1 Answer

Once the client app (angularjs) is authenticated by the server (Token), how do I add that authentication in my ASP.NET MVC?

You have to add the [Authorize] attribute to the actions and/or controllers that require authentication and authorization. There are other ways to achieve that, such as implementing an Authorize filter or an Authenticate filter, but for the moment the [Authorize] attribute is a good place to start.

Can use something like User.Identity and get all the necessary Claims from the server?

Yes, of course. Once you retrieve the user from the Db

IdentityUser user = await repository.FindUser(context.UserName, context.Password);

you will be able to get Claims, Roles, ... But this is only an example. You will be able to get the user from the token sent by your AngularJS app. In fact, to get the user claims, the ClaimsPrincipal class in System.Security.Claims exists for this purpose.

However, it's quite difficult to answer these questions without code, so I recommend the following series of tutorials. I'm sure they will help you:

  1. Token Based Authentication
  2. AngularJS Token Authentication
  3. Enable OAuth Refresh tokens

Edited

If you have 2 projects, one for ASP.NET MVC and the other for Web API, you have to be sure that both Web.config files have the same machineKey tag:

<system.web>
...
<machineKey validationKey="57B449BBA8F9E656087FF7848727E122C5F5966F65AC0FC25FB3532193B59CFCD13B370883FFC184C1F1500638F33E6F67B37CAED1D9BC65BBC6CFFB232BFD0B" decryptionKey="6D9FBE88D16B3FA5B5E6B37460BBE50DA85D5B4C482159006B5A337C58AA9E79" validation="SHA1" decryption="AES" />
...
</system.web>

Use this machine key generator. The token is created based on the machineKey, so you have to be sure that this field is identical. If not, the token created in one project will not be valid for the other.

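An added example, not part of the original answer: a Python check that the MVC and Web API web.config files declare the same machineKey, which is the condition the answer gives for a token from one project being valid in the other. The function names and the sample configs (with placeholder key values) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes compared literally: an omitted attribute and an explicitly
# written default count as different, so declare them the same way in both files.
KEY_ATTRS = ("validationKey", "decryptionKey", "validation", "decryption")

def read_machine_key(config_xml):
    """Return the <machineKey> attributes of a web.config string, or None if absent."""
    node = ET.fromstring(config_xml).find("system.web/machineKey")
    return dict(node.attrib) if node is not None else None

def compare_machine_keys(mvc_xml, api_xml):
    """List reasons a token protected by one app would not validate in the other.

    Only attribute names are reported; key material is never echoed.
    """
    problems = []
    mvc, api = read_machine_key(mvc_xml), read_machine_key(api_xml)
    for name, mk in (("MVC", mvc), ("Web API", api)):
        if mk is None:
            problems.append(f"{name}: no <machineKey> element, keys are auto-generated")
            continue
        for attr in ("validationKey", "decryptionKey"):
            # ASP.NET defaults to "AutoGenerate,IsolateApps" when the attribute is missing.
            if "AutoGenerate" in mk.get(attr, "AutoGenerate"):
                problems.append(f"{name}: {attr} is auto-generated")
    if mvc and api:
        problems += [f"{a} differs between the two files"
                     for a in KEY_ATTRS if mvc.get(a) != api.get(a)]
    return problems

# Constructed sample configs; the key values are placeholders, not real keys.
MVC_CONFIG = """<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY_A"
              decryptionKey="PLACEHOLDER_DECRYPTION_KEY_A"
              validation="SHA1" decryption="AES" />
</system.web></configuration>"""
API_DIFFERENT = MVC_CONFIG.replace("KEY_A", "KEY_B")
API_NO_KEY = "<configuration><system.web /></configuration>"

if __name__ == "__main__":
    for label, api in (("same", MVC_CONFIG), ("different", API_DIFFERENT),
                       ("missing", API_NO_KEY)):
        print(label, compare_machine_keys(MVC_CONFIG, api))
```

Generate the shared key pair yourself and keep it out of source control: a key copied from a public page is known to everyone who has read that page, and anyone holding it can produce tokens the application accepts.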

12 Comments

But I am using AngularJS to make the /token call to my Web API. Are you saying ASP.NET MVC will pick up the authenticated object even if I made the call in AngularJS instead of ASP.NET MVC? I tried it, but my Principal object is always null when I do User.Identity.
I guess you have 2 different projects, one for WebApi and one for ASP.NET MVC. You have to put the identical machineKey in both web.config files.
Any recommended post on identical machineKey? I assume I should make the authentication call within MVC, like with HttpClient? Because if I made the call using AngularJS directly, the server will not be aware of it, right?
@DesireToKnowMore I have edited my answer to show you how.
Cool! Where should the authentication call be made from? HttpClient or $http? I assume it should be called from HttpClient, so MVC can decrypt the token with the key. AngularJS will have no access to the machineKey. Am I correct?