
I have an AngularJS Single Page Application (SPA) hosted by an ASP.NET MVC application. The back-end is ASP.NET Web API.

I would like to protect it against CSRF attacks by generating an AntiForgeryToken in the ASP.NET MVC part, passing it to AngularJS, and then having Web API validate the AntiForgeryToken received from the subsequent AngularJS calls.

However, the MVC app is hosted on server A, whereas the Web API is hosted on server B.

Updated from link: AngularJS Web Api AntiForgeryToken CSRF

Story I would like to execute

Story:

  1. The user visits via a browser.
  2. The server generates a token, call it TokenA, for the anonymous user and saves it to the database. Question: Where can I do this, global.asax or elsewhere? However, it would be great if I could generate the token through a SOAP-based or REST-based API using another custom business library; MVC doesn't have access to the C# library, but Web API does.
  3. The user will perform operations like logging in and signing up using this token.
  4. This token will be authenticated against the DB via the Web API hosted on a different server and AngularJS.
  5. If valid, then do the login validation or signup validation process.
  6. Once validation is done, the user can log in.
  7. Once the user logs in, the server generates another role-based token, call it TokenB, i.e. for users, and a specific user-based token, call it TokenC.
  8. With this token, the user will do other operations.
  9. However, the user will be validated with TokenA, TokenB and TokenC. What type of method can I use to generate these three types of tokens?

Requirement: 1. It is for a scalable web app. 2. I would like to store sessions in a separate DB.

What I have: 1 DB and 1 web server on GoDaddy

0 Answers