I am building an AngularJS 1.X application using ASP.NET Web API 2 for the backend. In Web API 2 I can easily get a token by posting my credentials to the token endpoint (ApplicationOAuthProvider).
Now, as AngularJS is client side, I need a place on the client side to save this token so that I can send it in all subsequent HTTP calls to validate the client.
For this I have stored my token in the local storage of the browser. But I am not sure whether it is safe to store the token here (client side),
as anyone having access to my system can easily get the token and use it on his machine to log in to the system.
If anyone has a suggestion then please guide me. Thanks.
This is one of the fundamental challenges of authentication in web applications. The short answer is, "It's good enough."
The longer answer is that you should verify that:
For comprehensive best practices, you ought to spend some time at the OWASP site.
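As an added example (not part of the original question or answer), here is the framework-free core of an AngularJS 1.x `$http` request interceptor that reads the token from local storage, drops it once expired, and attaches it only to requests for the application's own API. `API_ORIGIN`, `TOKEN_KEY` and the helper names are assumptions for this sketch, and the page is assumed to be served from the same origin as the API.

```javascript
// Assumed values for this sketch, not taken from the original post.
const API_ORIGIN = "https://api.example.test"; // hypothetical backend origin
const TOKEN_KEY = "auth.token";                // hypothetical storage key

// Save the token endpoint response with an absolute expiry time.
// `storage` is window.localStorage in the browser.
function saveToken(storage, tokenResponse, nowMs) {
  const record = {
    accessToken: tokenResponse.access_token,
    expiresAt: nowMs + tokenResponse.expires_in * 1000,
  };
  storage.setItem(TOKEN_KEY, JSON.stringify(record));
}

// Return the stored token, or null if absent, malformed or expired.
function loadToken(storage, nowMs) {
  let record;
  try {
    record = JSON.parse(storage.getItem(TOKEN_KEY));
  } catch (e) {
    record = null;
  }
  if (!record || typeof record.accessToken !== "string" || !(record.expiresAt > nowMs)) {
    storage.removeItem(TOKEN_KEY); // purge stale or corrupted entries
    return null;
  }
  return record.accessToken;
}

// Body of the interceptor's `request` hook.
function attachToken(config, storage, nowMs) {
  const target = new URL(config.url, API_ORIGIN); // relative URLs resolve to the API
  if (target.origin !== API_ORIGIN) return config; // never send the token to other hosts
  const token = loadToken(storage, nowMs);
  if (token) {
    config.headers = Object.assign({}, config.headers, { Authorization: "Bearer " + token });
  }
  return config;
}

// Constructed in-memory stand-in for localStorage so the sketch runs outside a browser.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => void data.set(k, String(v)),
    removeItem: (k) => void data.delete(k),
  };
}
```

In an AngularJS app the `request` hook would call `attachToken(config, window.localStorage, Date.now())` and be registered through `$httpProvider.interceptors`.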