Supporting authentication and authorization on the client
Securing a rich client application, such as the one we are building here with AngularJS, is significantly different from securing a traditional, server-based web application. This has an impact on how and when we authenticate and authorize users.
Server-based web applications generally keep no state in the browser: every action triggers a round-trip request to the server for a complete new page. The server can therefore compute the user's authorization level on each request and redirect to a login page if necessary.
In a traditional, server-based web app, we would simply send the browser to some login page, and then once login is successful, we redirect back to the original page that ...