A simple example of how to protect an ASP.NET 5 / MVC 6 (working against beta 8 as of 19/10/2015) project using simple self-created JWT bearer tokens for local username/password checking.
DO NOT USE IN PRODUCTION
This example is to show the principles required to acheive local token authentication, and the following things should be changed before production usage:
- The random-generated private keys in Startup.cs should be changed and factored out to some sort of secure storage and shared amongst all app servers serving your site.
- The error handling is very simple - and may leak application info to the end users as it returns the exception message.
- Refactor the angular code as it has all services and controllers defined in a single file (site.js)
The strategy shown here is based on this StackOverflow answer by @mdekrey, updated for the latest beta and rationalised to be a slightly simpler, complete example.
You can find more information about the principles in my StackOverflow answer to the same question.