如何保护我的AngularJS和WebApi应用程序-HowtosecuremyAngularJSandWebApiapplication

15  

When it comes to securing the API you have two main approaches

在保护API方面，您有两种主要方法

1. COOKIE based approach. This is the traditional way, where you use the standard form to authenticate the user and then set the form authentication COOKIE. All unauthorized request take the user to login page. If your API is always supported by UI front end to do login this method with work.
2. 基于COOKIE的方法。这是传统方式，您使用标准表单对用户进行身份验证，然后设置表单身份验证COOKIE。所有未经授权的请求都会将用户带到登录页面如果UI前端始终支持您的API，请使用work登录此方法。
3. Second is using the authorization token in the header of the request. Once the user is authenticated he get a auth token, which he has to attach to every subsequent request in the Authorize HTTP header. Learn more about it here Individual Accounts in ASP.NET Web API . The advantage here is that you can expose your API without requiring a login page.
4. 其次是在请求的标头中使用授权令牌。一旦用户通过身份验证，他就会获得一个身份验证令牌，他必须将其附加到Authorize HTTP标头中的每个后续请求。在ASP.NET Web API中了解有关它的更多信息。这里的优点是您可以在不需要登录页面的情况下公开您的API。

But remember when using the second approach, the auth token has to be stored on the client side as all subsequent request require this token. Look at this blog post COOKIEs vs Tokens. Getting auth right with Angular.JS to understand how to work with token.

但请记住，在使用第二种方法时，身份验证令牌必须存储在客户端，因为所有后续请求都需要此令牌。看看这篇博客文章COOKIEs vs Tokens。使用Angular.JS获得认证，以了解如何使用令牌。

Hope it helps.

希望能帮助到你。

9  

Here's a great article about using Angular JS with WebAPI 2.0 token based authentication.

这是一篇关于使用Angular JS和基于WebAPI 2.0令牌的身份验证的精彩文章。

http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/

http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/