In my last two blogs, you created a set of Angular classes to support user authentication and authorization. You also built a .NET Core Web API project to authenticate a user against an SQL Server table. An authorization object was created with individual properties for each item you wished to secure in your application. In this blog, you are going to build an array of claims and eliminate the use of single properties for each item you wish to secure. Using an array of claims is a much more flexible approach for large applications.
Sometimes, you may need to upload files to your server via an Angular application. There are a few different methods you may use. Today, I am going to present a method that works well for small files up to about two megabytes in size. In this blog, you build two projects: a .NET Core Web API project and an Angular project. You build these two projects from scratch using the Angular CLI, .NET Core, and Visual Studio Code editor.
On April 2, 2018, Paul D. Sheriff released his 17th Pluralsight course entitled: “Angular Security Using JSON Web Tokens.” For a short trailer about this course visit https://bit.ly/2q22iCK.
I previously published a couple of articles on how to create a security system in Angular. In those articles, a set Angular classes for users' authentication/authorization were created. You used these classes to login a user and create a set of properties in a class to turn menus and buttons on and off. For each menu, or button, you want to turn on or off, you have a corresponding property in a AppUserAuth class. This works for smaller applications, but for larger applications, you would be best to use a traditional claims-based approach.
In Part 1 of this article, you created a set Angular classes for users and user authentication/authorization. You used these classes to login a user, create a set of properties in a class to turn menus and buttons on and off. In this article you learn to authenticate users against a Web API method. That method returns an authorization object with the same properties as the classes you created in Angular. You are also going to learn to secure your Web API methods using JSON Web Tokens (JWT). You use the [Authorize] attribute to secure your methods, and you learn to add security policies too.CodeProject
In most business applications, you are going to want to disable, or make invisible, different features such as menu items, buttons and other UI items, based on who is logged in and what roles or permissions they have. Angular does not have anything built-in to help you with this, so you must create it yourself. There are two different pieces to security you must worry about with Angular applications. First, you must develop the client-side security, which is the subject of this article. Second, you must secure your Web API calls, which will be the subject of another article.
On December 22, 2017, Paul D. Sheriff released another www.pluralsight.com course on Angular. This one is entitled Building Reusable Angular Services: Configuration Management and continues his series on building Angular Services that are useful in many different applications.
In the last blog post you learned how to structure your jQuery applications like Angular applications. You created a single page on which to host all your other pages. In this post you are going to put those techniques to work by building a complete list, add, edit and delete page as shown in Figure 1 and Figure 2. You are going to use a Person table full of data such as First Name, Last Name, Email and Salary data for a set of people.
You may not know, but two principals at Fairway Technologies are published authors at Pluralsight.com. Pluralsight is the leader in online technology courses. Paul D. Sheriff and Michael Krasowski have created over 20 courses covering topics from Project Management, Estimation to WPF, MVC and Angular. Check out the complete list of the courses produced to date.