Ember.js – Getting Started with Ember.js

My Web application is a Single Page Application and its server front-end is a mix of ASP.NET MVC and WebAPI routes. All View routes (actually the only one) allow anonymous access. But all ApiControllers are guarded by AuthorizeAttribute. There’s a special ApiController – SecurtyApiController with the following routes: Login and GetCurrentUser methods (all these routes are mapped onto corresponding methods) allow anonymous access.

Cookies are bad for you

Most web applications today use browser cookies to keep a user logged in while she is using the application. Cookies are a decades-old device and they do not stand up well to security threats that have emerged on the modern web. In particular, cookies are vulnerable to cross-site request forgery. Web applications can be made more secure by using OAuth for session authentication.

This post is based on a talk that I gave at Open Source Bridge this year. The slides for that talk are available here.