authorization

I want to create an example for authentication and authorization in an SPA angularjs application using asp.net mvc webapi as the backend and client side routing (no cshtml). Below is just example of functions that can be used to set up the complete example. But I just can´t put it all togehter. Any help appreciated. Questions: What is best practise: Cookie or Token based? How do I create the bearer token in angular to authorize on each request? Validation on API functions? How do I preserve the autentication signed in user on the client? Example code: Sign in form <form name="form" novalidate>

I'm trying to avoid the use of the Role Provider and Membership Provider since its way too clumsy in my opinion, and therefore I'm trying to making my own "version" which is less clumsy and more manageable/flexible. Now is my question.. is there an alternative to the Role Provider which is decent? (I know that I can do custom Role provier, membership provider etc.) By more manageable/flexible I mean that I'm limited to use the Roles static class and not implement directly into my service layer which interact with the database context, instead I'm bound to use the Roles static class which has

I create a wcf service with custom authorize and authentication as you can see: public class AuthorizationPolicy : IAuthorizationPolicy { string id = Guid.NewGuid().ToString(); public string Id { get { return this.id; } } public System.IdentityModel.Claims.ClaimSet Issuer { get { return System.IdentityModel.Claims.ClaimSet.System; } } // this method gets called after the authentication stage public bool Evaluate(EvaluationContext evaluationContext, ref object state) { // get the authenticated client identity IIdentity client = HttpContext.Current.User.Identity; // set the custom principal

Why am I not able to give permission/authorization to a Google Apps Script that I also made using the same Google account? It seems like Google doesnt trust myself to use my own Google Apps Script with my own Spreadsheet. Here is the line of code that breaks everything. If this line doesnt exist, I'm not asked for permission. var sheet = SpreadsheetApp.getActiveSheet(); So it's trying to access the spreadsheet that created this Google Apps Script, also made using my account but I cant grant permission. When I run the line of code above, I am told I need to give permissions, so I do by

I create application where every action beside those which enable login should be out of limits for not logged user. Should I add [Authorize] annotation before every class' headline? Like here: namespace WebApplication2.Controllers { [Authorize] public class HomeController : Controller { public ActionResult Index() { return View(); } public ActionResult About() { ViewBag.Message = "Your application description page."; return View(); } public ActionResult Contact() { ViewBag.Message = "Your contact page."; return View(); } } } or there is a shortcut for this? What if I want to change rules for