0

I'm wondering if there is a way to implement authentication and login with angular's route provider. My thought is, that the client can just edit the js-code before the page is loaded and therefore he can disable all security-mechanisms (e.g. a resolve object in the route config).

What would be the best practise fo authentication with angular if I want to use the route provider, if there's any?

Thanks in advance

Improve this question
2
  • 2
    You would probably want all your authentication on server. Do not serve templates/controllers if user is not allowed to use them. And check everything that comes to server and if user has required permissions to send such data. Commented May 21, 2014 at 7:28
  • 1
    frederiknakstad.com/2013/01/21/… Commented May 21, 2014 at 7:37

1 Answer 1

Reset to default
1

Running authentication on the client is never a good idea. You discovered the problem by yourself, as anybody could give himself free access through changing the javascript code. Even validating the login with the server is not helpful, as the result of this validation is still changeable on clientside.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

so how would I implement the authentication on the server, is there a way with angular's route? Would it possible to use aspx or php to check if the user is logged in?
Using serverside code like asp/php/jsp etc. for validating a users session is totally fine. Angular Routes are no problem to use, but you should validate the session for every single request. In most cases data and templates should be requested seperately. Then you maybe don't need to check the session for template-requests.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.