justmaier / angular-spa-security Goto Github PK
View Code? Open in Web Editor NEWAngular Security Provider for ASP.Net MVC SPA
License: MIT License
Angular Security Provider for ASP.Net MVC SPA
License: MIT License
What's a point of enter in Modified SPA demo? I didn't find a main page View.
I would like to ensure that Security.user is set (without having to $watch). Is there a way to call
Security.authenticate() to return a promise, and or block until Security.user is set?
I am accessing security.user.role in child controllers. If I can have a hook to see that user is set, then I can use a route resolver.
Upgrade Request
@JustMaier Is there any plan to upgrade angular-spa-security with angular 6?
Hi,
I'm using your code to integrate Angular SPA with ASP.NET MVC5 and it is very usefull.
I can't resolve a little but important issue. I can login, and everything goes well, but if i press F5 on the browser the object security.user is null. Why? :)
I'm missing something? You persist user info somewhere? I need to "re-authenticate" to get userinfo again?
Thanks for the great work. Not sure of the value of the "ConfirmEmail" if login is still permitted without having confirmed the email. Is there something I'v missed?
IIS after recycling do not understand headers and return 401 to every request (not only for [Authorize] methods, even to static content).
Client treats himself as authenticated.
In the LoginCtrl first line redirectAuthenticated('/') redirects.
Security.logout() failed with 401.
Only deleting browser history helps.
First: Great work! Thanks! your provider saved me from a lot of headacheโ.
When logging in with or without remember me, the object security.user contains the returned values from the server:
{"access_token":"XXX-LOOONG-XXX","token_type":"bearer","expires_in":1209599,"userName":"admin",".issued":"Tue, 11 Feb 2014 20:18:28 GMT",".expires":"Tue, 25 Feb 2014 20:18:28 GMT"}
Perfect, thats excactly what i want to know about the user from a security aspect. ๐
But, when you refresh the browser / open a new window security.user contains:
{"UserName":"admin","Email":"[email protected]","IsConfirmed":false,"HasRegistered":true,"LoginProvider":null}
The only interesting thing here from a security aspect is UserName. ๐ This will not help much for future api calls when a user has ticked rememberme or a browser refresh is made. (Internet Explorers "security" warnings that all the time....! And some users too.)
As a small workarround i have modified your initialize function to have at least the access token.
Api.getUserInfo(accessToken()).success(function (user) {
Security.user = user;
Security.user.access_token = accessToken();
if (securityProvider.events.reloadUser) securityProvider.events.reloadUser(Security, user); // Your Register events
});
Maybe you should store all the infos from the /token response into session / local storage and return those here instead of the user info object.
Merging userinfo with the security related infos would not be a good idea in my opinion. In my case this would be arround 40 properties. Maybe you can simply copy your code into a new method? security.getUserInfo()?
Hi!
IMHO, there's a piece of code with is a copy/paste issue:
if (securityProvider.events.login) securityProvider.events.logout(Security);
There is 'login' instead of 'logout' in if condition
When login success will redirect url, i know can set something, maybe return url or securityProvider.urls.home. But in my case, I get return url after login, if this code exist, it will go to A url then B url, it's bad.
Security.redirectAuthenticated(redirectTarget() || securityProvider.urls.home);
Can remove this code or add param to ignore it?
Not sure this is an 'issue' as such. What you have done so far is amazing and I'm grateful for that alone.
But might you consider extending it to work with 3rd Party Login providers?
In angular-spa-security.js, simply add:
1)
setPassword: '/api/account/setPassword',
setPassword: function (data) {
return $http({ method: 'POST', url: Urls.setPassword, data: data });
},
Security.setPassword = function (data) {
var deferred = $q.defer();
Api.setPassword(data).success(function () {
deferred.resolve();
}).error(function (errorData) {
deferred.reject(errorData);
});
return deferred.promise;
};
HttpContext.Current.User.Identity.GetUserId() returns null
How to get userId on server side?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.