How Does a .NET Full Stack Developer Handle Authentication Using ASP.NET Core and Angular?

How Does a .NET Full Stack Developer Handle Authentication Using ASP.NET Core and Angular?

✅ Introduction

In modern web applications, authentication is essential for protecting user data and resources. A .NET full stack developer often builds secure login systems using:

ASP.NET Core (backend API)

Angular (frontend SPA)

JWT (JSON Web Token) for token-based authentication

Let’s walk through the complete process step by step.


🔐 Step 1: Set Up ASP.NET Core Authentication API

Create a new Web API project:

dotnet new webapi -n AuthDemoAPI

Add JWT support via NuGet:

dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer

Configure JWT authentication in Program.cs:


builder.Services.AddAuthentication("Bearer")

    .AddJwtBearer("Bearer", options =>

    {

        options.TokenValidationParameters = new TokenValidationParameters

        {

            ValidateIssuer = true,

            ValidateAudience = true,

            ValidateLifetime = true,

            ValidateIssuerSigningKey = true,

            ValidIssuer = "yourdomain.com",

            ValidAudience = "yourdomain.com",

            IssuerSigningKey = new SymmetricSecurityKey(

                Encoding.UTF8.GetBytes("yourSuperSecretKeyHere"))

        };

    });

Protect your API endpoint:

[Authorize]

[HttpGet("protected")]

public IActionResult GetSecret()

{

    return Ok("This is a protected API response.");

}

👤 Step 2: Create Login Endpoint

Create a login DTO:

public class LoginModel

{

    public string Username { get; set; }

    public string Password { get; set; }

}

In your controller:


[AllowAnonymous]

[HttpPost("login")]

public IActionResult Login([FromBody] LoginModel login)

{

    if (login.Username == "admin" && login.Password == "pass123")

    {

        var claims = new[]

        {

            new Claim(ClaimTypes.Name, login.Username)

        };


        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("yourSuperSecretKeyHere"));

        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);


        var token = new JwtSecurityToken(

            issuer: "yourdomain.com",

            audience: "yourdomain.com",

            claims: claims,

            expires: DateTime.Now.AddMinutes(30),

            signingCredentials: creds);


        return Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) });

    }


    return Unauthorized();

}

🌐 Step 3: Angular Frontend – Set Up Authentication Flow

Create Angular service for auth:

ng generate service auth

In auth.service.ts:

import { HttpClient } from '@angular/common/http';

import { Injectable } from '@angular/core';


@Injectable({ providedIn: 'root' })

export class AuthService {

  private apiUrl = 'https://localhost:5001/api';

  constructor(private http: HttpClient) {}

  login(userData: any) {

    return this.http.post(`${this.apiUrl}/login`, userData);

  }

  storeToken(token: string) {

    localStorage.setItem('authToken', token);

  }

  getToken() {

    return localStorage.getItem('authToken');

  }

  logout() {

    localStorage.removeItem('authToken');

  }

  isLoggedIn(): boolean {

    return !!this.getToken();

  }

}

🔁 Step 4: Attach JWT to Requests

Use HTTP Interceptor:

ng generate interceptor token

In token.interceptor.ts:


import { HttpInterceptor, HttpRequest, HttpHandler } from '@angular/common/http';

import { Injectable } from '@angular/core';

import { AuthService } from './auth.service';


@Injectable()

export class TokenInterceptor implements HttpInterceptor {

  constructor(private auth: AuthService) {}


  intercept(req: HttpRequest<any>, next: HttpHandler) {

    const token = this.auth.getToken();

    if (token) {

      const cloned = req.clone({

        headers: req.headers.set('Authorization', `Bearer ${token}`)

      });

      return next.handle(cloned);

    }

    return next.handle(req);

  }

}

Add it to providers in app.module.ts:


providers: [

  { provide: HTTP_INTERCEPTORS, useClass: TokenInterceptor, multi: true }

]

🔒 Step 5: Protect Angular Routes

Use route guards:

ng generate guard auth

Then in auth.guard.ts:


import { Injectable } from '@angular/core';

import { CanActivate, Router } from '@angular/router';

import { AuthService } from './auth.service';


@Injectable({ providedIn: 'root' })

export class AuthGuard implements CanActivate {

  constructor(private auth: AuthService, private router: Router) {}


  canActivate(): boolean {

    if (this.auth.isLoggedIn()) {

      return true;

    }

    this.router.navigate(['/login']);

    return false;

  }

}

Apply guard in app-routing.module.ts:


{ path: 'dashboard', component: DashboardComponent, canActivate: [AuthGuard] }

🛡 Best Practices

Use HTTPS always

Use environment variables for secret keys

Set token expiration and refresh tokens

Hash passwords using bcrypt or Identity framework

Store JWT securely (e.g., HttpOnly cookies for better security)

✅ Summary

By combining ASP.NET Core and Angular, a .NET Full Stack Developer can:

Create secure login/logout flows

Authenticate users with JWT

Protect backend APIs and frontend routes

Manage user sessions effectively

Authentication isn’t just about logging in — it’s about trust, security, and user experience.


Learn Full Stack Dotnet Training Course 

Read more

How does a .NET Full Stack Developer manage communication between the frontend (like Angular or React) and the backend (ASP.NET Core) using RESTful APIs?

Comments

Post a Comment

Popular posts from this blog

Why Choose Python for Full-Stack Web Development

Why Choose Python for Full-Stack Web Development? In today’s digital era, full-stack development is one of the most in-demand skills. Full-stack developers handle both the front-end and back-end of web applications, and choosing the right programming language plays a crucial role in efficiency, speed, and scalability. Python has emerged as a favorite among full-stack developers—and for good reason. Let’s dive into why Python is a top choice for full-stack web development. 1. Easy to Learn and Use Python’s syntax is simple and readable, making it easy for beginners to pick up and start building. It feels more like writing English than coding. This simplicity reduces development time and allows developers to focus more on solving problems than worrying about language complexities. Example: print ( "Hello, world!" ) This is all it takes to print a message in Python! 2. Strong Framework Support Python offers powerful web frameworks like: Django – A high-level frame...
Read more

How Generative AI Differs from Traditional AI

  How Generative AI Differs from Traditional AI As Artificial Intelligence evolves, a new term dominates the tech conversation: Generative AI . But how does it differ from what we’ve traditionally known as AI? Let’s break it down. 1. What Is Traditional AI? Traditional AI refers to systems designed to recognize patterns, make decisions, and solve problems based on structured data and predefined rules. Key Examples: Fraud detection systems Recommendation engines Rule-based chatbots Predictive analytics in finance or healthcare These systems are excellent at answering: “What will happen?” “Is this spam?” “What product should I recommend?” They’re built on: Machine learning (ML) Deep learning (for image/text recognition) Decision trees, regression models, etc. 2. What Is Generative AI? Generative AI is a subset of AI that creates new content —such as text, images, music, code, or videos—by learning patterns from existing data. Key Examples:...
Read more

What is Tosca? An Introduction

What is Tosca? An Introduction to Tricentis Tosca in 200 Lines In a world driven by digital transformation, testing software efficiently and effectively is not just important—it’s vital. That’s where Tosca steps in. 1. What is Tosca? Tosca is a model-based test automation tool developed by Tricentis. It helps QA teams automate functional and regression testing for enterprise applications across web, desktop, API, and mobile platforms. 2. Why Tosca? Because traditional testing is often: Slow Manual Brittle Hard to scale Tosca offers a smarter way with: No-code automation End-to-end testing Risk-based testing Seamless CI/CD integration 3. Who Uses Tosca? Tosca is used by: QA Engineers Business Analysts DevOps Teams Large enterprises (especially in banking, healthcare, telecom, etc.) 4. Core Concept: Model-Based Testing Instead of scripting every test case, Tosca allows you to model the UI and logic of your application. This means: Creating reusable components Updating tests quickly when ...
Read more