asp.net - how to implement the authentication in Single Page Application? -


as title says,i want build app run in browser single html page.but how implement authentication.and solution is:

  1. the server-side restful apis,which can used multiple platform,web ,mobile side ,etc.and every api need auth token parse,if api not token return 401.
  2. cuz first practise in browser,so need request token login,and when app needs request auth-apis,i put token in header requesting...

and questions : does safe enough? other better solution?

no it's not safe enough if token accessible through javascript same reason should set cookies http , restrict ssl. if hacker can inject javascript app, can steal token , use machine.

for reason suggest use secure, http cookie instead of token when using website.

if api going accessed native mobile app add token each url.

having custom header in http request might cause issues proxies might not pass headers through. cookie nothing more standardised http header might reuse that.

what consider using oauth if you're going allow 3rd party apps access parts of api.

there no reason why not use cookies browser based clients , apikey query parameter other clients.


Comments

Post a Comment

Popular posts from this blog

php - Calling a template part from a post -

i include iframe within post in wordpress. located inside content of post, meaning cannot in post template file, otherwise either before or after. i'd add facebook plugin within posts: <div id="socialwrap"><div class="fb-like" data-href="http://onlinearizonahomes.info" data-send="true" data-width="450" data-show-faces="true" data-font="arial"></div></div> i thinking of calling template part within post <?php get_template_part( 'social' ); ?> cannot use php within post without plugin (i'd avoid using plugin this). an alternative using javascript create html in post, seems unnecessary use of javascript. what best way add html within wordpress post? you can use shortcode. add functions.php function cudjex_fbshare( $atts, $content = null ) { global $post; $link = get_permalink($post->id); return '<div id="socialwrap...
Read more

Firefox SVG shape not printing when it has stroke -

Image
i having issue svg shapes have stroke , trying them print in firefox. this simplest example: <svg xmlns="http://www.w3.org/2000/svg" version="1.1" xmlns:xlink="http://www.w3.org/1999/xlink"> <rect x="0" y="0" rx="15" ry="15" width="300" height="400" style="stroke:black;stroke-width:5;" fill="black" /> <circle id="firstcircle" cx="50" cy="50" r="30" stroke="black" stroke-width="2" fill="white" style="opacity:0.75;"/> <circle id="secondcircle" cx="50" cy="150" r="30" fill="white" style="opacity:0.75;"/> </svg> when try , print first shape 1 of 2 things: it not show @ all it shows off center in bounding box. the second shape no stroke shows expected, expected. when displaying on scre...
Read more

How to mention the localhost in android -

i trying call localhost in android application. unfortunately not possible used several methods emulator local host http://10.0.2.2/android/dbconnection.php and network ip address http://192.168.1.xx/android/dbconnection.php also http://localhost:8080/android/dbconnection.php but nothing connected localhost. purpose refer stackoverflow answers not working i facing same problem when worked on localhost. referred stackoverflow answer got solution create new emulator works fine in new emulator.
Read more