Example for authentication

[lednhatkhanh]

Hi, I want to ask if there is any example for authentication for angular 2? I'm very new to this so I have no idea about this, it would be good if we can have a working example for authentication!

[MarkPieszak]

I think the problem with adding it to these templates, is that authentication itself is very broad, in that, there are so may different ways someone could be doing it.

One way you could set it up for Angular is making an HTTP call passing in your credentials to some REST API (could be the web API), which would then pass back whatever type of authentication token you setup (bearer token, etc).

From there, you'd want some kind of service that stores this token, or makes it a default for future Http requests (easily done by extending Http with your own version, which passes those Authentication Headers automatically for you, if he user is already logged in).

Hope that gets you going in the right direction!

[piotrek-k]

I think the idea is not that bad. Setting up authentication - just like configurating angular - is definitely possible to automate. Of course there are many different ways of doing it, but there should be a solution for people who don't really care, who just want some authentication that works.

I remember that some time ago Microsoft have done something like that in Visual Studio 2013 (or maybe earlier) while creating new ASP.net 4.6 MVC apps. You've just clicked on "Create new project with authentication" and you could just start making actual app logic without wasting a few hours on configurating tokens, databases, etc. Maybe it was not always the best solution, but it worked in 99% cases.

I'm definitely approving this idea ;)

[Sampath-Lokuge]

Yes,This will give huge popularity for this template if author will integrate it. +1 for the idea @lednhatkhanh

[boban100janovski]

I have setup Authentication using IdentityServer, which takes care of all the heavy lifting, all you need to do is configure it and write the client side logic for handling the token (if you are using "Implcit Flow" there is a JS module for taking care of client side also OIDC client.)

I am using ROPC flow, i should have some free time soon and will write a blog about it, i will put the link here

[mika76]

I think an example with webapi as a token backend and angular 2 as frontend would be a huge hit! You already have identity as part of mvc and the template pretty much teaches you how to use it, so why not create a similar experience with this?

[mcquiggd]

Just a comment - please don't just limit any authentication examples to Angular - many people prefer React for example...

[mika76]

Sure or maybe vue...

[davidmorissette]

An OAuth2 / OpenId using implicit flow example / functionality including how to pass the token between client to server for pre-rendering and also how to renew the access token silently.

[brettjdicioccio]

Now that the ASP.NET Core 2.0 Web API template has an Individual User Accounts option which seems really promising it would be great if you guys redid the built in register/login/manage pages as part of the Angular code using token based Authentication. There are so many tutorials/courses out there for Angular w/ Firebase and Auth0, but not much on ASP.NET Core Identity and Angular.

[PeterWone]

Please, not like this!

Direct Angular support seems to me like a lot of unnecessary work when you could get a better result for less effort. ASP.NET Core MVC templates already handle auth/auth comprehensively, with elaborate support for Microsoft Identity. If you hand off to MVC on your own server instead of directly to an authentication provider, you gain the following advantages:

1. MVC can handle third party authenticators like Twitter which if I'm not mistaken is still OAuth1, and Facebook which does not support OpenID.
2. This is an inherently safer solution. Code on your server has much higher confidentiality than JavaScript in a browser of unknown provenance.
3. Strong integration with Microsoft Identity providing sophisticated support for both roles and the new security policies.
4. You can use this with other frameworks than Angular.

What I would like to see

1. Remix the SPA templates to include the same options MVC projects have. Hopefully you can steal shamelessly from the MVC project templates.
2. While you could deliver identity to the SPA client in a fragment as conventional identity providers do, you could also make it available from session state with one of those new one-shot items, for retrieval via Web API.

---

Why don't I just get with the program and use Angular like everyone else? Same reason I didn't want to get with the program and use Visual Basic twenty years ago. Employers choose it because there's an Angular dev under every bush. Devs choose it because there's an Angular employer under every bush. That doesn't mean it's bad but it also doesn't mean it's good. Just common.

[MarkPieszak]

Of course you can, and should, do all the Auth on your own server.

I think the person was wondering more-so how to handle the calls to those internal Apis and how to best handle sharing those tokens with future API calls, how to handle if the person leaves the site or even pushes F5 (knowing that they are/might still be authenticated, etc).

Just have an /API/login do all the aspnet Auth / openID / whatever-you-want goodness, and make sure you pass whatever headers you need inside each future call after that.

Hope that's what you were Looking for @PeterWone ?

[PeterWone]

This may be simple ignorance but I don't know any way to specify support for Identity when creating a new SPA with dotnet new aurelia (weapon of choice) or dotnet new angular.

I can mint a new core project in VS2017 with the security stuff, or mint a new core/spa project from the command line, but to combine them currently involves creating two projects and grafting them together which is messy and I always forget things.

You already read my thesis above so I won't repeat it; you seem to understand why I regard this as a better option and I'm sure you can see why I'd prefer a project template that does it all in one go with all the wrinkles ironed out in advance.

[JStarkl]

Here you find a good example, which i used:
https://code.msdn.microsoft.com/How-to-authorization-914d126b

or another one:
https://fullstackmark.com/post/10/user-authentication-with-angular-and-asp-net-core

[CliXiD]

Hi guys,

I would like to share my project (still in develop) that integrate with OpenIdDict Core for React Redux template in Password flow. This project also including .template.config. You can install this project as a dotnet template too.

https://github.com/CliXiD/ARRO

[tonywr71]

I added ASP.Net authorisation and membership to my angular5/asp.net application. I think if this was part of the template in VS2017 then it'd get more takeup as this is non-trivial. I did it by generating two apps, being a standard MVC app and an Angular app, then copying the bits I needed from the MVC app into the angular app. This is just a copy of my notes - it's a bit rough around the edges, so if you see something that needs elaborating, by all means, let me know and I'll see how I go correcting it. My link is here.