There are many reasons your company might be considering moving your operations to the cloud. Perhaps you have an aging mainframe that is costly to maintain and repair, or you are having a hard time finding skilled people to service it. Maybe your IT team is spending more time and money upgrading hardware than innovating. Or, it could be that you are not considering a move to the cloud but are curious about its pros and cons. In this blog post, we will address common concerns about moving to the cloud so that you can carefully consider your options and make the right decision for your business.
In my last two blogs, you created a set of Angular classes to support user authentication and authorization. You also built a .NET Core Web API project to authenticate a user against an SQL Server table. An authorization object was created with individual properties for each item you wished to secure in your application. In this blog, you are going to build an array of claims and eliminate the use of single properties for each item you wish to secure. Using an array of claims is a much more flexible approach for large applications.
On April 2, 2018, Paul D. Sheriff released his 17th Pluralsight course entitled: “Angular Security Using JSON Web Tokens.” For a short trailer about this course visit https://bit.ly/2q22iCK.
I previously published a couple of articles on how to create a security system in Angular. In those articles, a set of Angular classes for user authentication/authorization was created. You used these classes to log in a user and create a set of properties in a class to turn menus and buttons on and off. For each menu or button you want to turn on or off, you have a corresponding property in an AppUserAuth class. This works for smaller applications, but for larger applications, you would be best to use a traditional claims-based approach.
In Part 1 of this article, you created a set of Angular classes for users and user authentication/authorization. You used these classes to log in a user and create a set of properties in a class to turn menus and buttons on and off. In this article, you learn to authenticate users against a Web API method. That method returns an authorization object with the same properties as the classes you created in Angular. You are also going to learn to secure your Web API methods using JSON Web Tokens (JWT). You use the [Authorize] attribute to secure your methods, and you learn to add security policies too.
In most business applications, you are going to want to disable, or make invisible, different features such as menu items, buttons and other UI items, based on who is logged in and what roles or permissions they have. Angular does not have anything built-in to help you with this, so you must create it yourself. There are two different pieces to security you must worry about with Angular applications. First, you must develop the client-side security, which is the subject of this article. Second, you must secure your Web API calls, which will be the subject of another article.