We are working on a solution with hybrid routing between angularjs and asp.net mvc where we have mini SPA's.
MVC handles the server side routing of navigating between the SPA's and angularjs handles the routing between each SPA.
I have the server and client side routing working.
I then want to be able to protect views/html from rendering based on authentication. I have the resolve property of the routeProvider working and firing the routeChangeError when the conditions are not met.
The authentication on the app is based on JWT with Web API and the token is saved in local storage.
The problem I have is since the different SPA is handled by the server and the authentication is not forms authentication, the page requested renders the layout view and the main view for that SPA before redirecting to the login page if user is not authenticated.
How do I secure the layout view from rendering before angular routeProvider kicks in?
Can I use forms authentication to secure the mvc application with its views and angularjs for the mini SPA?
How can I have Web API ignore forms authentication cookie and only check out for authorization header with the bearer token as it's done now?
How can i have my JWT Authorization Server issue a Forms Authentication cookie?