LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: Building Angular and ASP.NET Web API Apps

Unlock this course with a free trial

Join today to access over 24,700 courses taught by industry experts.

Implement the auth interceptor

Implement the auth interceptor

From the course: Building Angular and ASP.NET Web API Apps

Start my 1-month free trial Buy for my team

Implement the auth interceptor

“

- [Presenter] Right now, if anyone finds out about our API endpoints, they can just use them without being authenticated. So, for example, if I just go to transactions, then try it out and then execute, you're going to see that we get a 200 response code and also some data. Now, we did add authentication protection on the front-end side where we check, for example, if the user is logged in or not, we have also added auth guards, but we don't have any security checks on the backend side, and that is what we're going to do in this part. If we just close the browser and then go to the transactions controller, and then down here add authorized attribute, what this means is that all the users that want to access any API endpoints within this controller need to be authenticated, and the authentication of the user has already been configured in the program.cs, but we have not used it so far. We have just created the JWT, which we return to the frontend app and we stored it in the local…

Contents