  • Authentication: confirms identity (login).
  • Authorization: confirms what a user is allowed to do.

 

Authentication is the process of verifying the identity of the user or application making the request.

  • Token-Based Authentication (JWT - JSON Web Tokens): the most popular and recommended approach for modern web applications.
  • How it works:
    • Login Request (Angular): The user submits their credentials (username/email and password) to the Angular application.
    • Credentials Sent to API (Angular): Angular sends these credentials to a specific login endpoint on the .NET Web API (usually via an HTTP POST request).  
    • Authentication (API): The .NET Web API receives the credentials and authenticates them against a user store (e.g., a database using ASP.NET Core Identity).
    • Token Generation (API): If authentication is successful, the .NET Web API generates a JWT. This token contains information about the user (claims) and is digitally signed to ensure its integrity.  
  • Generate the JWT in the Web API.
  • Implement the Angular side (token handling, auth guard, and interceptors).
  • Add and use an auth guard in Angular.
  • Add an interceptor in Angular.
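
The Token Generation step above says the JWT carries claims and is signed to ensure its integrity. The following TypeScript example for Node.js (added here, not code from this page or from ASP.NET Core) shows that mechanism with HS256: the API issues a token, and a token whose role claim was edited afterwards fails verification. The secret, function names and claim values are constructed for illustration.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

// Constructed demo secret; a real API loads its signing key from protected configuration.
const DEMO_SECRET = "constructed-demo-secret-not-for-production";
type Claims = Record<string, unknown>;

const encode = (value: unknown): string => Buffer.from(JSON.stringify(value)).toString("base64url");
const decode = (part: string): any => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
const sign = (input: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(input).digest();

// After a successful login: encode header and claims, then sign both together.
function issueToken(claims: Claims, secret: string): string {
  const body = `${encode({ alg: "HS256", typ: "JWT" })}.${encode(claims)}`;
  return `${body}.${sign(body, secret).toString("base64url")}`;
}

// On every later request: return the claims, or null if the token must be rejected.
function verifyToken(token: string, secret: string, nowSeconds: number): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header = "", payload = "", signature = ""] = parts;
  try {
    // Pin the algorithm on the server; never let the token choose it.
    if (decode(header).alg !== "HS256") return null;
    const expected = sign(`${header}.${payload}`, secret);
    const received = Buffer.from(signature, "base64url");
    if (received.length !== expected.length || !timingSafeEqual(received, expected)) return null;
    const claims = decode(payload);
    // Reject tokens without an expiry or past it.
    if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Constructed scenario: the role claim is edited, but the signature cannot be recomputed
// without the server's secret.
function tamperRole(token: string, role: string): string {
  const [header = "", payload = "", signature = ""] = token.split(".");
  return `${header}.${encode({ ...decode(payload), role })}.${signature}`;
}

const now = 1700000000; // fixed clock so the run is reproducible
const token = issueToken({ sub: "alice", role: "user", exp: now + 900 }, DEMO_SECRET);
console.log(verifyToken(token, DEMO_SECRET, now)); // the original claims
console.log(verifyToken(tamperRole(token, "admin"), DEMO_SECRET, now)); // null
```

The payload is only base64url-encoded, not encrypted, so anyone holding the token can read its claims; the signature protects integrity, not confidentiality.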

 

Authorization determines what actions an authenticated user is permitted to perform. This is typically handled on the backend (.NET Web API).

