Preventing navigation to secure routes
Preventing access to secure routes using client-side code is not secure. The only secure way to guarantee that users cannot navigate to unauthorized areas of the application is to require that the page be reloaded; this provides the server the opportunity to refuse access to the URL. Reloading the page is not ideal, because it defeats many of the benefits of a rich client application.
While reloading the page to do security is not usually a good idea in a rich client application. It can be useful, if you have a clear distinction between areas of your application. For instance, if your application was really two subapplications, each having very different authentication requirements, you could host them ...