davidmdem
commented
6 years ago Great question! Sorry, it's been a busy few weeks and I hadn't checked my GitHub alerts.
A week or so ago someone else asked about CAS auth in the context of a SPA application - I will put up an example and see if I'm hearing the question correctly.
I believe it should work in much the same way that the current examples work, but your site will only have the one index page/route.
If we're talking about a client application that is it's something that is 100% HTML/CSS/JS & WebApi without any type of .NET page handling for the index page or a client that is incapable of using cookies, then it might be a different story requiring something like JSON tokens.
I have some questions. I succesfully created a webapi project with netcore 2.1. If a open a browser, and hit an url, it redirects me to the login page, after successfull login I get redirected to my url and get the response.
I noticed that the ".AspNetCore.Cookies" cookie is set on my browser and if I use postman and send the cookie in the header, I'll get results.
I have an angular6 application. This app redirects to CAS login, and returns with a Service Ticket. Who should validate the service ticket and set the cookie? Angular or the WebApi?
Does the angular app, needs to add the cookie or the ST in the header for any request? (Maybe an HttpInterceptor?
Thanks!