I have created a bearer token using ASP.NET Identity. In AngularJS I wrote this function to get authorized data:
// Controller function: calls the Web API with the bearer token in the Authorization header.
// .success()/.error() are the legacy $http callbacks (removed in AngularJS 1.6, where
// .then(onSuccess, onError) is used instead).
$scope.GetAuthorizeData = function () {
    $http({
        method: 'GET',
        url: "/api/Values",
        // <myTokenId> is a placeholder for the access token issued by ASP.NET Identity
        headers: { 'authorization': 'bearer <myTokenId>' }
    }).success(function (data) {
        alert("Authorized :D");
        $scope.values = data;
    }).error(function () {
        alert("Failed :(");
    });
};
So I want to store this token in browser cookies. If the token is present there, then take it and get the data from the IIS server; otherwise redirect to the login page to log in and get a new token.
Similarly, if the user clicks the log out button, it should remove the token from the browser cookie.
How to do this? Is it possible? Is it the proper way to authenticate and authorize a user? What to do if there are multiple users' tokens?
There is a $cookies service available in the AngularJS API using the ngCookies module. It can be used like below. For your case it would be:

You will also have to add the angular-cookies module code, and add it to your angular app:
angular.module('myApp', ['ngCookies']);
Docs for Angular Cookies.

I would also like to suggest the usage of an HTTP interceptor which will set the bearer header for each request, rather than having to set it manually yourself for each request. Having the HTTP interceptor in place, you do not need to set the Authorization header for each request.

As stated by Boris: there are other ways to solve this. You could also use localStorage to store the token. This can also be used with the HTTP interceptor; just change the implementation from cookies to localStorage.

I would advise against keeping the data in a cookie; for security purposes you should set the cookies to Secure and HttpOnly (not accessible from JavaScript). If you're not using SSL, I would suggest moving to https.

I would pass the token from the auth endpoint in a JSON response:
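The interceptor idea from the answer above, written out as an added example (this is not code from the answer or from AngularJS itself). The factory `createBearerInterceptor` returns the `{ request: fn }` object that `$httpProvider.interceptors` expects, but it is plain JavaScript so it can be exercised without the framework; the token store is pluggable, and a constructed in-memory store stands in for `$cookies`. The registration block assumes the angular-cookies 1.4+ API (`$cookies.get/put/remove`). Note the tension with the HttpOnly advice in the same answer: an HttpOnly cookie cannot be read by `$cookies`, so a store that reads the token from a cookie only works with a JavaScript-readable cookie. The helper `isSameOriginApi` is an assumption added here so the token is only attached to the app's own API paths rather than to every URL `$http` is pointed at.

```javascript
// Added example, not from the original answer. Assumed names:
// createBearerInterceptor, createMemoryTokenStore, isSameOriginApi.

// Decide whether a request URL belongs to our own API. Attaching the bearer
// token to a request for a third-party host would disclose the session to
// that host, so the interceptor only adds it to relative /api/ paths.
// Constructed rule: adjust the prefix to the real API route.
function isSameOriginApi(url) {
  return typeof url === 'string' && url.indexOf('/api/') === 0;
}

// Builds the AngularJS-shaped interceptor. tokenStore must expose get().
function createBearerInterceptor(tokenStore) {
  return {
    // AngularJS calls request(config) before every $http call and uses the
    // returned config.
    request: function (config) {
      var token = tokenStore.get();
      if (token && isSameOriginApi(config.url)) {
        config.headers = config.headers || {};
        config.headers.Authorization = 'Bearer ' + token;
      }
      return config;
    }
  };
}

// Constructed in-memory store standing in for $cookies / localStorage.
function createMemoryTokenStore(initial) {
  var token = initial || null;
  return {
    get: function () { return token; },
    set: function (t) { token = t; },
    clear: function () { token = null; }
  };
}

// Registration in a real AngularJS app. Guarded so the file also runs in Node.
if (typeof angular !== 'undefined') {
  angular.module('myApp', ['ngCookies'])
    .factory('tokenStore', ['$cookies', function ($cookies) {
      // 'token' is a constructed cookie name.
      return {
        get: function () { return $cookies.get('token'); },
        set: function (t) { $cookies.put('token', t); },
        clear: function () { $cookies.remove('token'); }
      };
    }])
    .factory('bearerInterceptor', ['tokenStore', createBearerInterceptor])
    .config(['$httpProvider', function ($httpProvider) {
      $httpProvider.interceptors.push('bearerInterceptor');
    }]);
}
```

With this in place the `headers` entry in the question's `$http` call can be dropped; every `$http` request to `/api/...` gets the header from the store, and a request to an absolute third-party URL gets nothing.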
You can save the token data in sessionStorage by using the $window service:

It will be cleared once the user closes the page, and you can manually remove it by setting it to an empty string:

Edit:
Interceptor implementation for catching data, adapted from cbass (not tested; you can inspect the response/request objects to fiddle with the information):
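An added example (not the answer's or cbass's code) that puts the two parts of this answer together: a token service backed by `$window.sessionStorage` that stores the `access_token` from the auth endpoint's JSON response and clears it on logout, plus the `responseError` half of an interceptor that reacts to a 401 by discarding the token and sending the user to the login page. `$window`, `$q` and `$location` are passed in as parameters so the logic can be run with stand-ins outside the framework; `createTokenService`, `createAuthErrorInterceptor`, `createFakeStorage`, the storage key and the `/login` route are all assumptions made here. One deliberate departure from the answer: `removeItem` is used instead of writing an empty string, because an empty value still satisfies a naive "is the key present" check.

```javascript
// Added example, not from the original answers.
var TOKEN_KEY = 'access_token'; // constructed storage key

function createTokenService($window) {
  var storage = $window.sessionStorage;
  return {
    // Called with the parsed JSON body of the auth endpoint, e.g.
    // { access_token: "...", token_type: "bearer", expires_in: 3600 }
    // (the shape the ASP.NET Identity token endpoint returns).
    login: function (authResponse) {
      if (!authResponse || typeof authResponse.access_token !== 'string') {
        throw new Error('auth response did not contain access_token');
      }
      storage.setItem(TOKEN_KEY, authResponse.access_token);
    },
    get: function () { return storage.getItem(TOKEN_KEY); },
    isLoggedIn: function () { return !!storage.getItem(TOKEN_KEY); },
    // removeItem rather than setItem(TOKEN_KEY, '') so no stale key lingers.
    logout: function () { storage.removeItem(TOKEN_KEY); }
  };
}

// responseError runs for every failed $http response. On 401 the stored token
// is no longer accepted by the server, so drop it and go to the login route;
// every other error is passed through unchanged as a rejected promise.
function createAuthErrorInterceptor(tokenService, $q, $location) {
  return {
    responseError: function (rejection) {
      if (rejection && rejection.status === 401) {
        tokenService.logout();
        $location.path('/login');
      }
      return $q.reject(rejection);
    }
  };
}

// Constructed in-memory stand-in for the browser Storage interface, used
// when running this file outside a browser.
function createFakeStorage() {
  var data = {};
  return {
    getItem: function (k) {
      return Object.prototype.hasOwnProperty.call(data, k) ? data[k] : null;
    },
    setItem: function (k, v) { data[k] = String(v); },
    removeItem: function (k) { delete data[k]; }
  };
}

// Registration in a real AngularJS app. Guarded so the file also runs in Node.
// Use angular.module('myApp') without the second argument if the module is
// declared elsewhere.
if (typeof angular !== 'undefined') {
  angular.module('myApp', [])
    .factory('tokenService', ['$window', createTokenService])
    .factory('authErrorInterceptor',
      ['tokenService', '$q', '$location', createAuthErrorInterceptor])
    .config(['$httpProvider', function ($httpProvider) {
      $httpProvider.interceptors.push('authErrorInterceptor');
    }]);
}
```

A login controller would call `tokenService.login(response.data)` from the `$http.post` to the token endpoint, and the logout button's handler would call `tokenService.logout()`; a route guard can use `tokenService.isLoggedIn()` to decide whether to redirect to the login page before any API call is made.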