Simple mock API showcasing an implementation of claim-based authorization, with login, salt and password hash held in the database.
Role | Query result |
---|---|
The API is built with proper separation. That allows making changes to either the domain or the database without the need to change requests or responses, which are effectively a form of contract.
Passwords are not stored in the database; password hashes and salts are. Hashes are generated with a 128-bit random salt using PBKDF2 with HMACSHA256 and 10K iterations.
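
The storage scheme described above, sketched as an added example (not this project's own code) using Python's standard library: a row holds login, salt and hash, and verification re-derives the hash with the stored salt and compares in constant time. The 32-byte derived key length, the row field names and the sample credentials are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import secrets

SALT_BYTES = 16        # 128-bit random salt, as stated above
ITERATIONS = 10_000    # 10K iterations, as stated above
KEY_BYTES = 32         # assumption: 256-bit derived key (not stated on this page)


def derive(password: str, salt: bytes) -> bytes:
    """PBKDF2 with HMAC-SHA256 as the pseudo-random function."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               ITERATIONS, dklen=KEY_BYTES)


def new_user_row(login: str, password: str) -> dict:
    """Build the row to store: login, salt and hash, never the password."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh salt per user
    return {
        "login": login,
        "salt": base64.b64encode(salt).decode("ascii"),
        "hash": base64.b64encode(derive(password, salt)).decode("ascii"),
    }


def verify(row: dict, candidate: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt = base64.b64decode(row["salt"])
    expected = base64.b64decode(row["hash"])
    # compare_digest avoids leaking how many leading bytes matched
    return hmac.compare_digest(derive(candidate, salt), expected)


if __name__ == "__main__":
    # Constructed sample credentials, for demonstration only.
    row = new_user_row("alice", "correct horse battery staple")
    print(row)
    print(verify(row, "correct horse battery staple"))
    print(verify(row, "wrong password"))
```

Because every row gets its own salt, two users with the same password end up with different stored hashes. The iteration count is a single constant here; current OWASP guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations, so a production deployment would raise it above the 10K used in this mock.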