<p>You are making an SPA, so I assume everything you want to secure (your <em>data</em>) is delivered through your WebAPI, and you can consider your Angular templates public.</p>
<p>In that case, you can basically ignore authentication on the client side, and just authenticate calls to the WebAPI. Any server calls that are unauthenticated, unauthorised, or from an expired session return an HTTP 401, to which your Angular can respond by redirecting to the login page. You can use an HTTP Interceptor to simplify that code (example here stolen from <a href="http://djds4rce.wordpress.com/2013/08/13/understanding-angular-http-interceptors/" rel="nofollow">here</a>).</p>
<pre><code>myapp.factory('myHttpResponseInterceptor', ['$q', '$location', function($q, $location) {
  return {
    // Successful responses pass through unchanged
    response: function(response) {
      return response;
    },
    // Failed responses: send the user to the sign-in page on 401,
    // then keep the promise rejected so callers still see the failure
    responseError: function(rejection) {
      if (rejection.status === 401) {
        $location.path('/signin');
      }
      return $q.reject(rejection);
    }
  };
}]);

// Http Interceptor to check auth failures for xhr requests
myapp.config(['$httpProvider', function($httpProvider) {
  $httpProvider.interceptors.push('myHttpResponseInterceptor');
}]);
</code></pre>
<p>In addition, if you know that your server-side session timeout is set to 20 mins, then you can also use an HTTP interceptor to keep track of the time of your last HTTP request. When it gets to, say, 19 minutes ago, then you can warn the user that they will be logged off in 1 minute unless they respond, in which case you call a "keep alive" service to reset the timeout, else at 20 minutes redirect to the session expired page. So no need to poll.</p>
<p>For a slightly better user experience, upon each view-load you could perform some rudimentary client-side check for the presence of a session cookie. If it doesn't exist (e.g. they've landed from a deep-link) then you can immediately redirect to login without calling the server. If it does exist, proceed as normal, knowing the first call to WebAPI will validate it.</p>
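<p>The timeout tracking described in the answer, as an added example that is not part of the original answer: a tracker that mirrors a sliding server-side session timeout and exposes a <code>request</code> hook in the shape of an AngularJS interceptor. The <code>createSessionTracker</code> name, the <code>/api/</code> prefix and the sample URLs are assumptions, as is the premise that only WebAPI calls reset the server session.</p>

```javascript
// Added example: client-side mirror of a sliding server session timeout.
// Assumed values: 20 min timeout, warning 1 min before, API under '/api/'.
function createSessionTracker(opts) {
  var timeoutMs = opts.timeoutMs;            // server-side session timeout
  var warnMs = opts.warnMs;                  // how long before expiry to warn
  var now = opts.now || Date.now;            // injectable clock for testing
  var apiPrefix = opts.apiPrefix || '/api/'; // hypothetical WebAPI prefix
  var lastRequest = now();

  function touch() { lastRequest = now(); }

  // 'active' | 'warning' | 'expired', derived from time since last API call
  function state() {
    var idle = now() - lastRequest;
    if (idle >= timeoutMs) return 'expired';
    if (idle >= timeoutMs - warnMs) return 'warning';
    return 'active';
  }

  // Same shape as an AngularJS $http interceptor: request(config) -> config.
  // Template fetches also go through $http, so only API calls are counted.
  var interceptor = {
    request: function (config) {
      if (String(config.url).indexOf(apiPrefix) === 0) touch();
      return config;
    }
  };

  return { touch: touch, state: state, interceptor: interceptor };
}

// Constructed walk-through with a fake clock (times in ms).
function demo() {
  var t = 0, MIN = 60 * 1000, seen = [];
  var tracker = createSessionTracker({
    timeoutMs: 20 * MIN, warnMs: 1 * MIN, now: function () { return t; }
  });
  tracker.interceptor.request({ url: '/api/orders' });        // t = 0
  t = 10 * MIN; tracker.interceptor.request({ url: '/views/home.html' });
  t = 18 * MIN; seen.push(tracker.state());  // template fetch did not count
  t = 19 * MIN; seen.push(tracker.state());  // time to warn the user
  tracker.interceptor.request({ url: '/api/keepalive' });     // user responded
  t = 30 * MIN; seen.push(tracker.state());  // timer restarted at 19 min
  t = 39 * MIN; seen.push(tracker.state());  // 20 min after the keep-alive
  return seen;
}

console.log(demo().join(' -> '));
```

<p>In an application, <code>state()</code> would be checked from a local timer to drive the warning dialog and the redirect; the server's 401 remains the authoritative signal that the session has ended.</p>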
 
