'How protect .NET Web API with password without database and identity
Given that in future I will implement a gateway with integrated security, I need a fast and simple way to protect a .NET 6 web service: its goal is to be an interface to search in a lucene.net index.
I have some particularity:
- The web service is in a corporate company and external authority like Azure, AWS or Auth0 is not an option
- I don't have any database or persistence layer
- I don't have to manage users list or profile, if caller service has the correct password or token should be able to use all my API without any registration
Now we have an older application with this logic:
- every action has user and password parameters
- user and password are stored in config file
- every call manually check for user and password with config file
I am wondering if there is a better way but just as simple?
I would like to not have to send password in every call and having to write an if in every action
Thanks
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|