1

Assuming there’s some part of your site a user isn’t supposed to have access to, there’s nothing to stop some user from simply downloading all JS and HTML files you have, and figuring out which one points to the blocked page. So a user can pretty much view a blocked page’s view, without data (since the data comes from the server, and shouldn’t be viewed without an auth).

Can this be fixed by using auth guard alone? As of my understanding even though we use auth guard. Please help.

2
  • Without going into the lazy-loaded module hash names, route guards and advanced Angular features, ask yourself: why am I trying to block access to client-side stuff? Did I actually put sensitive information on the client side? If for some reason I did, will it matter if I use another framework and not Angular?
    – Stavm
    Commented Sep 21, 2018 at 5:19
  • It may also be worth pointing out that Angular auth guards are not secure because they are client script. (They are more of a convenience feature on the client side.) When I refer to auth guards in the answer below I mean auth guards on your API (server) - hopefully that part was obvious.
    Commented Oct 10, 2019 at 15:59

1 Answer

1

Serve the view as data (view model) instead of as static HTML. Then put auth guard on the view model controllers like you do for your data controllers.

This will add complexity and probably impact performance, but this is how we build enterprise software.

Or use the classic methods: file authorization, like Active Directory and Windows authentication for IIS, or .htaccess or whatever for Apache, but this has its share of headaches and is not easily scalable.

Also ask yourself: what problem am I trying to solve? What is it I am trying to protect, if not just the data? Maybe Angular was not the correct tool for the job. There is always server side rendering like JSP, ASP.NET, PHP...
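
The server-side view-model guard described in this answer, as an added example that is not part of the original answer. The view ids, tokens, roles and function names are hypothetical, and the in-memory session table stands in for real token or session validation.

```typescript
// Added example: view ids, tokens, roles and function names are hypothetical.
type Session = { user: string; roles: string[] };
type ViewModel = { title: string; fields: { name: string; label: string }[] };
type Reply = { status: number; body: ViewModel | { error: string } };

// Constructed session table; stands in for real token or session validation.
const SESSIONS: Record<string, Session> = {
  "tok-alice": { user: "alice", roles: ["admin", "user"] },
  "tok-bob": { user: "bob", roles: ["user"] },
};

// View definitions stay on the server, each tagged with the role allowed to fetch it.
const VIEWS: Record<string, { role: string; model: ViewModel }> = {
  "admin/users": {
    role: "admin",
    model: { title: "User administration", fields: [{ name: "email", label: "Email" }] },
  },
  "profile": {
    role: "user",
    model: { title: "My profile", fields: [{ name: "displayName", label: "Display name" }] },
  },
};

// Own-property lookup, so keys such as "__proto__" never resolve to inherited members.
function own<T>(table: Record<string, T>, key: string | undefined): T | undefined {
  if (key === undefined || !Object.prototype.hasOwnProperty.call(table, key)) return undefined;
  return table[key];
}

// Guarded view-model endpoint: the same check a data controller would apply.
function getViewModel(viewId: string, authorization?: string): Reply {
  const match = /^Bearer (\S+)$/.exec(authorization || "");
  const session = own(SESSIONS, match ? match[1] : undefined);
  if (!session) return { status: 401, body: { error: "authentication required" } };
  const view = own(VIEWS, viewId);
  // Unknown and forbidden views get the same reply, so the API does not reveal which views exist.
  if (!view || session.roles.indexOf(view.role) === -1) {
    return { status: 403, body: { error: "forbidden" } };
  }
  return { status: 200, body: view.model };
}
```

The client bundle then only needs a generic renderer for whatever view model the server returns, so downloading the JS and HTML files reveals no layout for views the caller cannot fetch.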
