In my previous post I explained how to set up windows authentication in an Angular application.
In this post I will explain how to implement authorization in the application based on the authenticated user.
I’m starting this post with the code base of the previous post.
Extending the Web API
I’ll extend the API with a new model, AppUser, which will contain the user information that is necessary for Authorization in the application.
Next I will change the WinAuthController. I’m returning an instance of the AppUser object when the user is successfully authenticated.
Typically, you would want to load the information from a database or something. To keep things simple, I’m just returning the domain name and a fixed role.
Extending the Angular application
In the Angular application, I’m moving the AuthenticationService into a separate Angularmodule, which I’m calling ‘debiese.security’. I’ll also add an AuthorizationService