How to stop Adal.js from intercepting certain routes

Question

I am working on an Angular 1.x application and I'm using Adal.js for handling authentication. The backend is built on ASP.NET Core. I have 5 API endpoints out of which only 3 needs to be protected (i.e. only authenticated users should have access to them). So in other words I don't need to authenticate the GET calls. There is a page when the data from the GET calls need to be displayed but if the user decides to edit,delete or add data then he/she needs to be authenticated. All the APIs are hosted on the same domain as the UI.

The problem that I am facing is that when I initialize ADAL, it's trying to intercept all the HTTP calls and trying to attach the token. However since a couple of my pages need to be visible to everyone those states are not protected (i.e. I haven't added requireADLogin: true to those states). The solution is not working after that, i.e. the API calls are being made. If I try to navigate to one of the protected routes then ADAL is re-directing the user to the login page and the calls are going through.

Is it possible to achieve such a solution using Adal Angular?

Answer 1

Yes, it is possible.

In this scenario, we doesn't specify the requireADLogin:true for that controller. However, we still need to protect the the resource which we want in the page. e.g. We can hide the button that add/edit/delete which requires users login.

Below is a piece of code that show the button edit after users is sign-in and if not will show the login:

<li><a class="btn btn-link" ng-hide="userInfo.isAuthenticated" ng-click="login()">Login</a></li>
<li><a class="btn btn-link" ng-show="userInfo.isAuthenticated" ng-click="edit()">edit</a></li>