I'm writing a fairly large application, with a HTML/CSS/JS frontend, using AngularJS and a ASP.NET MVC Web API as a backend.
I would like users to be able to authenticate, I've installed ThinkTecture AuthorizationServer on a separate machine, and there is an ADFS instance running on the Domain Controller. Currently, I'm using the web page supplied with ADFS for login, but it would be nice if I could use my own page, which would ask for the username/password combo, pass it to AuthorizationServer/ADFS, and then just use the authentication token after that.
Has anyone done something similar?
Regards, Daníel
Authentication SchemesThe Form authentication scheme uses a HTML web form for the user to enter their username and password credentials and HTTP Post requests to submit to the server for verification. It may also be used programmatically va HTTP POST requests.
<input type="text" placeholder="Enter Username" name="username" required> <label>Password : </label> <input type="password" placeholder="Enter Password" name="password" required> <button type="submit">Login</button>
In fact you user will be log in your SPA then you have a server side (Java or .NET or *) that get this request.
The server ask the token to ADFS , ADFS send the token and your server pass the token to AngularJS in the response via a cookie.
In Angular side nothing to do expect an http interceptor to check the status of the response (401,403) ...
The cookie will be resent automatically by AngularJS in each request if you want to know how implements an htppInterceptor on AngularJS just check :
AngularJs -.net MVC WebApi Authentication example
In this thread i explain how to implements this step.
Anyway : your SPA is a RIA ok but still the client part of a webapp. I don't think that it's really good (i think it's really bad) to let the client part contact directly the ADFS ... How to prevent Man-In-The-Middle if you do that ?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With