search

hackgvl / trolley-tracker-api-dot-net

API for tracking Greenville's trolleys with .NET
MIT License
4 stars 6 forks source link

Authentication for Web API #2

Closed bikeoid closed 9 years ago

bikeoid commented 9 years ago

Microsoft doesn't support Basic Authentication out of the box, so it was manually added in the App_Start folder. The passwords were embedded in the software. What is the proper way to assign basic auth credentials so that they don't appear in the public Repo? Is there a better way to authenticate our web app?

thedanfields commented 9 years ago

We should plop them in the backing datastore on the user table or something like it.

On Wed, Aug 5, 2015, 7:35 AM bikeoid notifications@github.com wrote:

Microsoft doesn't support Basic Authentication out of the box, so it was manually added in the App_Start folder. The passwords were embedded in the software. What is the proper way to assign basic auth credentials so that they don't appear in the public Repo?

— Reply to this email directly or view it on GitHub https://github.com/codeforgreenville/trolley-tracker-api-dot-net/issues/2 .

bikeoid commented 9 years ago

That's a good idea - adding roles to that table will also solve both authorization issues at once.

bikeoid commented 9 years ago

Added roles and rely on unpublished datastore in #2. Not deployed until the new server is ready.