如何在Angular JS应用程序中处理身份验证 [英] How to handle authentication in Angular JS application

问题描述

我在我的angular js应用程序中实现了一个授权系统。

I am implementing an auth system in my angular js app.

我计划如下：

1. 获取用户信息（姓名并从登录表单传递）


2. 检查用户是否存在


3. if存在服务器响应会话cookie，前端将重定向到某个页面。


4. 然后用户将执行一些任务，将生成API请求


5. API请求应该具有在步骤3发送的Cookie信息。


6. 服务器检查是否生成了cookie，如果找到cookie，则使用API​​请求结果进行响应。在我的服务，我做的像

1. Get user info(name and pass from login form)
2. Check whether user exists or not
3. if exists server respond with a session cookie and frontend will redirect to a certain page.
4. then user will do some task which will generate API request
5. API request should have cookie information that was sent on step 3
6. server check whether the cookie was generated or not and if cookie was found then respond with the API request results. And in my service I am doing something like

    MyApp.service('myAuth', function($http, $q) {
        this.authHeader = null;
        this.checkAuth = function(){
        //do api call and if success sets this.authHeader = response
        }
        this.isAuthenticaed = function(){
            this.authHeader ? return this.authHeder  : return false;
       }

提交登录表单后，我将调用checkAuth，并从我的服务器获取我的会话cookie，如何在执行下一个REST调用时添加cookie信息，以及用户在登录后浏览整个应用程序我想检查每次isAuthenticaed true或false，在Angularjs当它将导航到另一个页面重置后，它设置为真从第一次调用吗？和我的方法1-6好，或者你有任何具体建议吗？$

After submitting the login form I will call checkAuth and get my session cookie back from my server, how I can add the cookie information while doing the next REST call and also when user will navigate throughout the application after log in I do want to check each time isAuthenticaed true or false, in Angularjs when it will navigate to another page does it resets after setting it true from the first call? And is my approach 1-6 good or do you have any specific suggestions? Btw I checked previous so entries but those are not what I want to know.

推荐答案

我不确定你的

• 创建一个单独的登录页面（专用url无角子视图或
  modal对话）。


• 如果用户未通过身份验证重定向到此登录
  页面。这是由服务器重定向。此页面可能使用也可能不使用
  angular框架，因为它只涉及向
  服务器发送user\password。


• 进行POST（不是AJAX请求）


• 在服务器上设置auth cookie。


• 一旦用户通过身份验证，将用户重定向到实际的角度应用程序并加载其所有组件。

• Create a separate login page (dedicated url not angular sub view or modal dialog).
• If the user is not authenticated redirect to this login page. This is done by server redirects. This page may or may not use angular framework, as it just involves sending a user\password to server.
• Make a POST (not AJAX request) from the login page, and verify on server.
• On the server set the auth cookie. (Different frameworks do it differently. ASP.Net sets form authentication cookie.)
• Once the user is authenticated redirect user to the actual angular app and load all its components.

这会保存任何需要在Angular客户端管理身份验证的代码。

This saves any code require to manage authentication on client side in Angular. If the user lands on this page he is authenticated and has the cookie.

此外，默认的浏览器行为是每个请求都发送与域名相关联的所有Cookie，因此您可以如果角度发送一些cookie，就不用担心。

Also default browser behavior is to send all cookies associated with a domain with each request, so you don't have to worry if angular is sending some cookie or not.

这篇关于如何在Angular JS应用程序中处理身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！