Web Client

VSW16 Securing Client JavaScript Apps


4:00pm - 5:15pm

Level: Introductory to Intermediate

Brian Noyes

CTO and Co-founder


One topic often pushed to the side when discussing SPAs is security. Whether you're talking Angular, Aurelia or some other framework, the short answer is "you can't secure the client side." However, the reality is you still need to secure your application as a whole. This session will show you what you can and can't do with security in Angular and Aurelia. You'll learn how you can protect the application as a whole with a combination of securing the files that compose your application, providing a good user experience for login and authorization in your client side app and securing the Web API calls that your Angular app depends on to access the sensitive parts of your application, especially the data. You'll also learn other aspects of security in which the client side participates, including CSRF/XSRF protection and CORS support. You'll learn all this primarily in the context of using ASP.NET for your hosting environment of your Angular or Aurelia app. You'll also touch on what the corresponding options are and what support is needed for other back end host such as NodeJS.

You will learn:

  • What parts of your SPA you can secure and how
  • How to work with secured Web APIs in your SPA
  • How to manage CSRF and CORS