
Angular and Web Api 2 Authentication: Bearer Tokens

I'm creating an application in AngularJS with an ASP.NET Web API 2 backend. I'm trying to figure out how to do the authentication part. I'm planning to use bearer tokens instead of cookies since it seems like a more modern approach. I will have a user login form where they can enter their password and username. Should I just pass the username and password to my Web API and let it return a bearer token and then just store it in localStorage? How do I pass that token in every subsequent request so I can access the protected resources? Do I need any special Angular module for this type of authentication?

You can use Anti-forgery Token in Web Api. The server authenticates the user. The response from the server includes an authentication cookie. The server includes two tokens in the response. One token is sent as a cookie. The other is placed in a hidden form field. The tokens are generated randomly so that an adversary cannot guess the values.

When the client submits the form, it must send both tokens back to the server. The client sends the cookie token as a cookie, and it sends the form token inside the form data. (A browser client automatically does this when the user submits the form.)

If a request does not include both tokens, the server disallows the request. In Angular you have to pass the hidden field parameter (Token) in every HTTP POST request.
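A minimal model of the two-token check described in the answer above, as an added example that is not part of the original post and not ASP.NET's own implementation. The HMAC pairing of the two tokens, the `csrf` cookie name, the `RequestVerificationToken` header (standing in for the hidden form field) and all function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Constructed per-process key for this demo; a real server keeps a stable secret.
const SERVER_KEY = nodeCrypto.randomBytes(32);
const HEADER = 'RequestVerificationToken'; // assumed header name

// The form token is derived from the cookie token, so the two only validate as a pair.
function pairFor(cookieToken) {
  return nodeCrypto.createHmac('sha256', SERVER_KEY).update(cookieToken).digest();
}

// Server: issue a random cookie token and the form token that belongs to it.
function issueTokens() {
  const cookieToken = nodeCrypto.randomBytes(32).toString('hex');
  return { cookieToken, formToken: pairFor(cookieToken).toString('hex') };
}

// Server: disallow the request unless both tokens are present and match.
function validateRequest(req) {
  const cookieToken = (req.cookies || {}).csrf;
  const formToken = (req.headers || {})[HEADER];
  if (!cookieToken || !formToken) return false;
  const expected = pairFor(cookieToken);
  const supplied = Buffer.from(String(formToken), 'hex');
  return supplied.length === expected.length &&
    nodeCrypto.timingSafeEqual(supplied, expected); // constant-time comparison
}

// Client: same shape as an AngularJS $http request interceptor; adds the token to POSTs.
function makeCsrfInterceptor(getFormToken) {
  return {
    request(config) {
      if (config.method === 'POST') {
        config.headers = Object.assign({}, config.headers, { [HEADER]: getFormToken() });
      }
      return config;
    }
  };
}

// Three constructed requests: both tokens, cookie only, and a wrong form token.
function simulate() {
  const { cookieToken, formToken } = issueTokens();
  const cookies = { csrf: cookieToken }; // the browser attaches the cookie automatically
  const post = makeCsrfInterceptor(() => formToken)
    .request({ method: 'POST', url: '/api/items' });
  return {
    bothTokens: validateRequest({ cookies, headers: post.headers }),
    cookieOnly: validateRequest({ cookies, headers: {} }),
    wrongToken: validateRequest({ cookies, headers: { [HEADER]: 'ab'.repeat(32) } })
  };
}
```

In an AngularJS app an interceptor object like this would be registered through `$httpProvider.interceptors`, so the token is attached without touching each `$http.post` call.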
