C#9mo ago
Filomeon

Identity, .NET API and Angular client

Oh boy... does anyone know if it's better to use cookies or token-based authentication with Identity, Angular and a .NET API? Are cookies a good practice in my case?
I have an Angular application for the client, a .NET API for the server, and a PostgreSQL database with Identity.

Everything seems to work just fine if I use Swagger to log in and then check the WeatherForecast endpoint. I was following this guide: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization?view=aspnetcore-9.0&source=recommendations

But when I send requests from my Angular client, it doesn't work yet. I created a component to log in, with withCredentials: true, and then the Set-Cookie header is kind of blocked by my browser, I think. It says (when I inspect the cookies in my browser) that it blocks the cookie because SameSite = Lax while it is cross-origin 🤔
I think it's because I am including credentials in a cross-origin request. But I can't understand more than that with the documentation I found: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#including_credentials

Can someone help me? I need to know if it's because I am, for example, not supposed to use cookies if I use an Angular application (I don't use Razor Pages, an MVC app or Blazor)?
Also, if cookies are still a good idea, can someone help me understand what is wrong here? Or just point me to some documentation where I can find the answers, or a better understanding of this authentication feature?

Authentication is pretty complicated for me, always has been 🥲. Any help is very much appreciated!
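The SameSite check described in the post, as an added example that is not part of the original post: a simplified model of how a browser decides whether to store a Set-Cookie from a credentialed fetch/XHR response. The decision is made per site (scheme plus registrable domain, port ignored), not per origin. All URLs are constructed, and the registrable-domain logic is a labelled simplification.

```javascript
// Added example: simplified model of the browser's SameSite check on Set-Cookie
// for a fetch()/XHR response (not a top-level navigation).
// Assumption: "site" = scheme + registrable domain. localhost and IP literals are
// used whole; other hosts are cut to their last two labels (real browsers consult
// the Public Suffix List instead).
function siteOf(url) {
  const u = new URL(url);
  const host = u.hostname;
  const isIp = /^[\d.]+$/.test(host) || host.startsWith('[');
  const domain = (host === 'localhost' || isIp)
    ? host
    : host.split('.').slice(-2).join('.');
  return `${u.protocol}//${domain}`; // the port is deliberately not part of a site
}

// Schemeful same-site: http and https on the same host are different sites.
function isSameSite(a, b) {
  return siteOf(a) === siteOf(b);
}

// cookie = { sameSite: 'Strict' | 'Lax' | 'None' | undefined, secure: boolean }
// Only the SameSite rules are modelled; the Secure attribute's own transport
// requirement and the CORS credential checks are out of scope here.
function setCookieOutcome(pageUrl, apiUrl, cookie) {
  const sameSite = cookie.sameSite || 'Lax'; // absent attribute treated as Lax
  if (sameSite === 'None' && !cookie.secure) {
    return { stored: false, reason: 'SameSite=None requires Secure' };
  }
  if (sameSite !== 'None' && !isSameSite(pageUrl, apiUrl)) {
    return { stored: false, reason: `SameSite=${sameSite} on a cross-site response` };
  }
  return { stored: true, reason: 'ok' };
}

// Constructed scenarios: an SPA dev server calling an API on another port or scheme.
const spa = 'http://localhost:4200';
for (const [api, cookie] of [
  ['http://localhost:5000', { sameSite: 'Lax' }],                // cross-origin, same-site
  ['https://localhost:7001', { sameSite: 'Lax' }],               // scheme differs: cross-site
  ['https://localhost:7001', { sameSite: 'None', secure: true }],
  ['https://localhost:7001', { sameSite: 'None', secure: false }],
]) {
  console.log(api, cookie, setCookieOutcome(spa, api, cookie));
}
```

A cookie issued with SameSite=None is attached to every cross-site request to the API, so the API then needs its own CSRF defence; serving the SPA and the API from the same site (for example through a dev-server proxy) keeps Lax usable.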