'ASP.NET Web API with login screen
I have build an ASP.NET Web Application with template Web API. I have one ApiController implementation, which will handle a daily trigger from a scheduled task to calculate some statistics based on data in an SQL database. To make those statistics visible I have added some web pages to the project to show some charts to display the information. The problem I'm currently running into is a lack of security. The web pages are visible to anyone. My requirements are:
- Simple authentication mechanism to prevent unauthorized access (via a login screen with username/password combination, other tips are welcome)
- No database with user accounts, just want to store allowed username password in
web.configsettings.
Could you give me some advice/help, for the best approach?
Sven
Solution 1:[1]
- Simple authentication mechanism to prevent unauthorized access (via a login screen with username/password combination, other tips are welcome)
Is this for a company? Then the users probably already have a user account in something like active directory? Integrate with that. If there is no infrastructure like that available, use something like Google or Microsoft accounts to sign in. There's plenty of info available on MSDN to integrate with those systems.
- No database with useraccounts, just want to store allowed username password in web.config settings.
Don't do this. Just don't. If you can avoid storing passwords don't store them. And don't store them in clear text.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | BennyM |