Authentication and Subscription in Web Application Best Practice - authentication

I have an application with Angular in frontend and NodeJs as a Backend.
I want to add a Login/Authentication and Subribtions/Payments to the app and wondering what is the best and easiest solution today. I read about services like Memberstack!?
I also worked with OpenId before and know that some cloud provider got their own solutions.

Related

Windows Authentication in Blazor WASM

I am implementing a WebApp in our company's intranet with Blazor WebAssembly. I need to make API-Calls to our DevOps Server hosted in our intranet and need to use Windows Authentication to access the API. In the former used WPF Client it was enough to just add the UseDefaultCredentials-Flag on the HttpClient, but that does not work in WebAssembly anymore since the App is running in the browser. The Microsoft Docs state We don't recommend using Windows Authentication with Blazor Webassembly, but not recommend does not mean not support, so it has to be possible somehow, to attach the current App-User's Windows Credentials(Token) to the API Call. Unfortunately there exists no example on the docs page on how to implement this and I have not found any code on how to tackle this, although on some forums people wrote that it is possible, but did not include the How in their comments.
I am using .NET5 for both Server and Client and need to make the Api-Call with Windows Authentication from the Client, not the Server as most examples are using it, as my Server-Project uses the same User for all Requests but I need the User of the Client-Project.
Any kind of help is appreciated.

Has anyone successfully implemented Azure AD auth using Server Side Rendering Angular (Angular Universal)?

Currently We have an app that is using Angular Universal for Rendering. We have MSAL auth installed but we get random infinite loops with auth, especially new users.
We have tried catching these events and handling them but it does not seem to work. Looked at some documentation that says, MSAL is still not supported with Node and Server Side Apps.
I cannot use AUTH0. Does anyone have any ideas on how to accomplish the auth against azure ad in this type of app?
MSAL.js at the moment works only with single page applications. Support for Node applications is on the roadmap.
Still, there are a number of 3rd party libraries that you can use for this. I would suggest using passport-azure-ad. You can see a sample application here.

What's the best practice for SPA-PWA authentication?

I'm trying to develop a single page application using web APIs in ASP.NET Core as backend, and React as Frontend.
I was wondering what's the best practice to handle authentication using SPA-PWA technologies, i'd like to use 3rd party authentication so the user won't need to create another account.

Azure Websites Authentication / Authorization

I am using new feature of Azure that enables the active directory authentication for your website without writing any code.
http://azure.microsoft.com/blog/2014/11/13/azure-websites-authentication-authorization/
But the problem is my web application is also hosting some Web APIs, which need to be called without any authentication.
Is there a way (some attributes?) so that I can call Web APIs without any authentication?
Tushar, I see that Byron also replied to your question on his post- and suggested creating another website as for APIs as a work around. However I suggest that you wire-up auth separately for your Web App and APIs following our samples here: https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet, https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet
Let me know if you run into any issues.
From the very same article you refer:
Current Limitations
There are some limitation to the current preview
release of this feature:
...
With the current release the whole site is placed behind login the
requirement.
Head less authentication/authorization for API scenarios
or service to service scenarios are not currently supported.
So, no, you cannot have partial APIs or pages anonymously available - all pages and API will be protected by the Azure Active Directory.

How to secure RESTful API

Guys,
I am opening up a bunch of RESTful API, mostly GET at the moment, not modifying anything in the database.
I am planning to use this in our own mobile app, also to one of two trusted developers in the android applications they make.
I would like to know what's the possible & easiest way to secure the API to only the applications I authorize.
What's the best way to do that? I am using Rails 3.2