JMan JMan - 1 month ago 7
AngularJS Question

Is the security around web api template that visual studio provides enough?

I'm building a web app using angular 2 + web api. I have created the api using web api template that vs provides. I manage to create the log in of my app, what I did was pass the user name and password using basic authentication over https and api responds with a token + some details such as token exp, username etc., I then store these details in a local storage and use it to validate if the user is authenticated. Is the security around what I did enough?

Answer

Foremost, the kind of security that your application needs depends on what kind of data you are dealing with.

FYI, basic authentication is a really old technique which was drafted in 1999.

If you have security as a necessity for your application, you could go with OAuth 2.0 or JWT/Bearer tokens or you could even use basic authentication only for the initial API requests, get the token and then proceed with the token in the following requests.