micronyks

Reputation: 55443

Session management in asp.net web api?

I know "session" in ASP.NET. I used to store user data and required info in the session whenever needed (but I didn't know how to make the session time out and all; I just stored data on the server side).

But now I'm using an ASP.NET Web API MVC 4 project. I have added Angular support to it. Using ui-route for page routing, I redirect the user from one page to another.

For now, when a user logs in, I store the user name in HTML storage and show it on every page as WELCOME user. Until now everything works fine.

But the question is: I don't know how to restrict unknown users from accessing the web APIs. How can I authenticate a valid user? I don't know anything about it. How can I check whether a user is authorized to see the page or not?

As I store the user name in HTML storage, at routing time I can only check whether a logged-in user is accessing the page or not. But HTML storage can be tampered with. So I wonder how to add security.

Upvotes: 0

Views: 2223

Answers (1)

Fabricio Duarte

Reputation: 342

You should use token-based authentication.

When a user logs in with a username and password, the server will give him/her a token (valid for some time); then you can call the API using this token.

If the request doesn't contain a valid token, you should return an "Authentication error". You can also have different roles for different users, etc.

Read this article to understand how it works; it includes an Angular implementation using Node.js on the server:

https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/

Upvotes: 1
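The flow described in the answer above (log in, receive a time-limited token, send it with each API call, reject anything invalid), sketched as an added example that is not part of the answer or the linked article. It uses Node.js to match the article's server side; the function names, the token layout and the per-process key are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: per-process random key. A real server loads a stable key from protected config.
const SECRET = nodeCrypto.randomBytes(32);
const b64u = (buf) => Buffer.from(buf).toString('base64url');
const sign = (data) => nodeCrypto.createHmac('sha256', SECRET).update(data).digest();

// Called only after the username/password check has succeeded.
function issueToken(user, roles, ttlSeconds, now = Date.now()) {
  const claims = { sub: user, roles, exp: now + ttlSeconds * 1000 };
  const payload = b64u(JSON.stringify(claims));
  return `${payload}.${b64u(sign(payload))}`;
}

// Returns the claims, or null if the token is malformed, tampered with, or expired.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = sign(payload);
  const given = Buffer.from(mac, 'base64url');
  // The signature is checked before the payload is parsed; comparison is constant-time.
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (typeof claims.exp !== 'number' || now >= claims.exp) return null;
  return claims;
}

// Gate for every API request: 401 without a valid token, 403 when the role is missing.
function authorize(authorizationHeader, requiredRole, now = Date.now()) {
  const m = /^Bearer (.+)$/.exec(authorizationHeader || '');
  const claims = m ? verifyToken(m[1], now) : null;
  if (!claims) return { status: 401, error: 'Authentication error' };
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  if (requiredRole && !roles.includes(requiredRole)) return { status: 403, error: 'Forbidden' };
  return { status: 200, user: claims.sub };
}
```

The client can keep the token in browser storage and display the user name from it, but the server trusts only what `verifyToken` returns, so edits made in the browser fail the signature check.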
