Angular and .NET - totally confused

Hi all,
I am a seasoned developer but completely new to authentication. I have read lots of articles and watched videos but all this has done is confuse the hell out of me.

I have an Angular 17 front-end application that I want to add Authentication and Authorization to. I decided to use FusionAuth as I can host it in docker locally.

My Angular application runs on the usual localhost:4200 and FusionAuth on localhost:9011. I can do login flow but when I try to call getUserInfo() from an Angular service, I am seeing a CORS error in Google Chrome console window.

I am not sure that I am going about things the right way. I will have a backend API that uses .NET Core - should I be writing auth as part of the backend using FusionAuth .NET SDK?

Do I need to use the FusionAuth Angular SDK at all?

Eventually the frontend and backend will be deployed into Azure container apps environment using a local Azure Postgresql database for Fusionauth to connect to.

Does any of this make sense?

Regards
Alan

Trying to run FusionAuth inside container app using Nginx as a proxy to provide the required 443 Forwarded-Port header.

When I try to access FusionAuth URl, it just spins before giving stream timeout. Here's my Nginx conf file.

server {
    listen 80;
    server_name myserver.australiaeast.azurecontainerapps.io;

    location / {
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_set_header    X-Forwarded-Port '443';
        proxy_http_version  1.1;

        proxy_pass https://myserver.australiaeast.azurecontainerapps.io;
    }
}

and here's the Dockerfile

FROM fusionauth/fusionauth-app:latest
COPY ./fusionauth.properties /usr/local/fusionauth/config

FROM docker.io/library/nginx:latest
COPY ./nginx.conf /etc/nginx/conf.d/default.conf

Any help greatly appreciated!

Here's where I am at. I have a FusionAuth instance running on Azure giving me a Proxy Configuration Warning error. I thought I would try accessing the FusionAuth instance via my KrakenD API Gateway.

I added some rules to access the /admin path and although it displays the login screen, none of the query parameters are set and I don't see any of the redirects from admin to admin/login and outh2/authorize as I do if accessing FusionAuth directly.

I am assuming that this may be because I need to add KrakenD as an application but I'm not really sure. Anyhow, I can't add an application because of the Proxy error - catch 22.

I would greatly appreciate some input from the FusionAuth team on how I can make this work from Azure Container Apps. FusionAuth is a great product, but if it can't be used from within Azure Container Apps, then it will not receive the uptake it deserves from developers who will abandon it for something that does play nice.

At the moment, reluctantly I may need to do that as getting it to work is too much of a headache and there are project timeframes to be met.

Regards
Alan

Hi,

Is it possible to use the fusionauth docker image in a Dockerfile and pass in the values for the environment variables such as username and password?

Regards
Alan

Hi,

I am trying to use FusionAuth (via docker image) in a Microsoft Azure Container App Environment. I am using a Microsoft Azure PostgreSql Flexible Server instance to host the database - after much hassle getting Private Endpoints etc configured, I can access the FusionAuth container and configure it.

I get an error though - the same as here and I was wondering if there has been any progress made by the FusionAuth team on making this an 'easy' fix as running inside containers is more prevalent these days.

I also have an instance of KrakenD API gateway running inside my container app environment - would I be able to use it to proxy FusionAuth calls and add any missing headers. KrakenD can do authentication using Keycloak/Auth0 etc - would this be a possibility?

Looking for some real world help on my options.

Thanks
Alan

@tanguy-e

I have so far managed to authenticate on the front-end in the Angular app using the hosted FusionAuth pages and the FusionAuth Angular-SDK. I can see the cookies using DevTools. I haven't figured out yet how to retrieve a user's roles.

I am planning to use KrakenD as a gateway to the .NET Core backend so I need to set up auth between it and FusionAuth.

The FusionAuth Angular SDK is quite limited in functionality - I am planning to maybe switch over to the FusionAuth Typescript SDK which has a lot more functionality built-in.
Perhaps you should check that out.

Happy to discuss implementations with you whilst we wait for the hopefully quite detailed) reference sample.

Regards
Alan

Hi,

When using the hosted Passwordless login pages, is it possible to prepopulate the email address from something passed via the state parameter?

The only reason I want to do this is because I want to check if a user exists in an old system before attempting the sign in.

What is the recommended way of performing account recovery when using passwordless login only?

Regards
Alan

Hi,

I am running FusionAuth inside a Docker container on Ubuntu. My application is Angular running on the same machine. I have MailDev running in a Docker container and configured correctly in FusionAuth.

I have set up passwordless login using the endpoints

api/passwordless/start
api/passwordless/send
api/passwordless/login

as per the documentation.

I have two issues that I am struggling to resolve/understand:

1. When I call the send endpoint, MailDev does not receive the email. If I do the same thing using Postman, it does. There is nothing in the Event log.

2. All three endpoints work because if I enter the code on my front-end UI, I get a valid response with token, user etc. I have looked through the documentation but I'm not quite sure what I'm supposed to do with this response - what do I need and where should I store it?

Any help appreciated.
Alan

Hi all,

I am currently performing passwordless login flow by calling the API endpoints directly from my front-end application.

I have read that it is possible to use an API Gateway such as Kong etc to perform the OAuth exchange with FusionAuth. I am currently looking to use KrakenD for this purpose but I am looking for guidance on this should be implemented.

Regards
Alan

@mark-robustelli

Sorry Mark, no I don't understand and the documentation is as clear as mud for anyone totally new to implementing Auth. I can't find a single useful example that CLEARLY explains what I need to do and how to do it.

If I use the FusionAuth Angular SDK from my client-side Angular application running in the browser, is this secure and does this using Authorization Code Flow with PKCE?

From all my reading across various auth providers, BFF is the way to go - but I don't necessarily want my Angular app hosted by .NET.

I have a front-end Angular app - what is the most secure way to do auth?
Should I be using the Angular SDK or not?
What about session management?
I have .NET APIs that supply data to the front-end (I could call these directly but I'd like to use an API Gateway like KrakenD) - what do I need to do to achieve this?
If I want to use my own UI, how does this change things?

I've read loads of articles and documentation to the point where I don't know if I'm coming or going.

@mark-robustelli

The Angular app is a Nx monorepo. The backend consists of multiple DotNet microservices providing data for the frontend. The backend services communicate via Dapr and queues/events, however there needs to be authentication and authorization to these.

From all my reading, the best way to do this is using Open ID Connect Authorization Code Flow with PKCE. I'm just not sure how I implement that with FusionAuth.

I am looking at the BFF pattern but I want to also use KrakenD as an API gateway. Perhaps I'm over-complicating it.

Regards
Alan