Best authentication approach for Angular frontend with .NET Core API backend

Hey everyone! I’m working on a new web application and need help with user authentication setup. My tech stack includes an Angular frontend that communicates with a .NET Core Web API backend. The backend uses Entity Framework to connect with a MySQL database.

I’m looking for recommendations on the most effective authentication strategy for this combination. I’ve come across JWT tokens in my research but haven’t found a complete implementation guide that covers this specific technology stack.

What authentication methods would you suggest for Angular + .NET Core API? Has anyone implemented JWT successfully with this setup? I’d appreciate any guidance or examples you can share.

I implemented JWT authentication for a similar Angular/.NET Core setup last year and found it quite straightforward once you understand the flow. The key is configuring the JWT middleware properly in your .NET Core API startup and ensuring your Angular app stores tokens securely in memory rather than localStorage to prevent XSS attacks.

One challenge I encountered was handling token refresh seamlessly - I recommend implementing a refresh token mechanism alongside your access tokens. The Microsoft documentation for JWT Bearer authentication in .NET Core is actually quite comprehensive and includes examples for your exact stack.

Make sure to configure CORS properly between your Angular app and API, as authentication headers can cause issues if not set up correctly. The Entity Framework integration is minimal since you’ll mainly need a users table for storing credentials and potentially refresh tokens.

What about cookie-based auth vs JWT? I’ve been debating this for my project too - are there specific reasons you’re leaning towards JWT over traditional session cookies? Also curious about your database schema - how are you planning to handle user roles and permissions with EF?

JWT works great, but don’t forget about the expiration handling on the frontend side. I had issues where users got logged out randomly because tokens expired mid-session. Also consider OAuth2 with IdentityServer if you need more complex auth flows later.
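An added example, not code from this thread, from Microsoft's JwtBearer middleware or from Angular: a TypeScript stand-in for both halves of the flow the answer above describes and the expiry problem the last comment raises. The API side issues an HS256 token and performs the checks that the middleware's TokenValidationParameters express (pinned algorithm, signature, issuer, audience, lifetime). The Angular side is a service that keeps the token pair in memory rather than localStorage, refreshes it a little before the access token expires so a request in flight never arrives expired, and shares one in-flight refresh between concurrent requests. The secret, issuer, audience, clock values, the `rt-N` refresh-token identifiers and the `/auth/refresh` endpoint shape are constructed for the example; a real API would sign with a key from configuration and store hashed, single-use refresh tokens in the database table the answer mentions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Added example (not from the thread): constructed secret, issuer, audience and clock values.
type Claims = { iss: string; aud: string; sub: string; iat: number; exp: number };
const b64url = (s: string) => Buffer.from(s).toString("base64url");
const decode = (part: string) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// API side: issue an HS256 access token (stand-in for the .NET token endpoint).
export function mintToken(secret: string, claims: Claims): string {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// API side: the checks the JwtBearer middleware's TokenValidationParameters express
// (signature, issuer, audience, lifetime). Throws on any failure.
export function verifyToken(jwt: string, secret: string, issuer: string, audience: string, now: number): Claims {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  if (decode(head).alg !== "HS256") throw new Error("unexpected alg"); // pin the algorithm; never trust the header
  const expected = createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) throw new Error("bad signature");
  const claims = decode(body) as Claims;
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  if (claims.aud !== audience) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");
  return claims;
}

// Angular side: the token pair lives only in this service instance, never in localStorage.
export interface TokenPair { accessToken: string; refreshToken: string }

export class TokenStore {
  private pair: TokenPair | null = null;
  private inflight: Promise<string> | null = null;
  constructor(
    private refresh: (refreshToken: string) => Promise<TokenPair>, // assumed POST /auth/refresh
    private now: () => number = () => Math.floor(Date.now() / 1000),
    private skewSeconds = 30, // refresh this long before exp so an in-flight request never arrives expired
  ) {}
  set(pair: TokenPair) { this.pair = pair; }
  // The client only reads exp to schedule a refresh; it does not (and cannot) verify the signature.
  needsRefresh(): boolean {
    return !this.pair || decode(this.pair.accessToken.split(".")[1]).exp - this.skewSeconds <= this.now();
  }
  async accessToken(): Promise<string> {
    if (!this.pair) throw new Error("not logged in");
    if (!this.needsRefresh()) return this.pair.accessToken;
    if (!this.inflight) this.inflight = this.doRefresh(this.pair.refreshToken); // single-flight refresh
    return this.inflight;
  }
  private async doRefresh(refreshToken: string): Promise<string> {
    try {
      this.pair = await this.refresh(refreshToken);
      return this.pair.accessToken;
    } catch (e) {
      this.pair = null; // refresh rejected (revoked/expired): force a real login instead of retrying forever
      throw e;
    } finally {
      this.inflight = null;
    }
  }
}

// What an HttpInterceptor adds to each outgoing API request.
export async function authHeader(store: TokenStore): Promise<Record<string, string>> {
  return { Authorization: `Bearer ${await store.accessToken()}` };
}

// Scenario with a constructed clock: log in at t=1000 with a 60 s access token, then make two
// concurrent API calls at t=1045 (inside the 30 s refresh window). Expect exactly one refresh.
export async function scenario() {
  const secret = "dev-only-secret-not-for-production";
  const iss = "https://api.example.test", aud = "angular-app";
  let clock = 1000, refreshCalls = 0, rtCounter = 1;
  const issued = new Set(["rt-1"]); // stand-in for the server-side refresh-token table
  const issue = (sub: string) => mintToken(secret, { iss, aud, sub, iat: clock, exp: clock + 60 });
  const refreshEndpoint = async (rt: string): Promise<TokenPair> => {
    refreshCalls++;
    if (!issued.delete(rt)) throw new Error("refresh token unknown or already used"); // single-use rotation
    const next = `rt-${++rtCounter}`;
    issued.add(next);
    return { accessToken: issue("alice"), refreshToken: next };
  };
  const store = new TokenStore(refreshEndpoint, () => clock);
  store.set({ accessToken: issue("alice"), refreshToken: "rt-1" });
  const freshAtLogin = !store.needsRefresh();
  clock = 1045;
  const [h1, h2] = await Promise.all([authHeader(store), authHeader(store)]);
  const token = h1.Authorization.slice("Bearer ".length);
  const claims = verifyToken(token, secret, iss, aud, clock); // the API accepts the refreshed token
  clock = 1200;
  let staleRejected = false;
  try { verifyToken(token, secret, iss, aud, clock); } catch (e) { staleRejected = true; }
  return {
    freshAtLogin, refreshCalls, sharedRefresh: h1.Authorization === h2.Authorization,
    sub: claims.sub, exp: claims.exp, staleRejected,
  };
}
```

Two design points worth keeping even if the rest changes: the client decides to refresh from `exp` minus a skew window rather than waiting for a 401, which is what removes the "logged out mid-session" symptom, and a refresh the API rejects clears the store so the user is sent back to login instead of the interceptor looping on a dead refresh token. Because the store is a plain object in memory, a full page reload drops the session; that is the price of keeping tokens out of localStorage, and the refresh token is normally what bridges it (often via an HttpOnly cookie scoped to the refresh endpoint).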