Well, good afternoon.
I need some help. My backend was written in nodejs and is in IIS. My frontend is angular and still in my machine being debugged. My login page is working as expected, connecting seamlessly. But when the application sends the request to the backend it is possible to get the username and password both via browser and using wireshark. How can I hide this information? Example: When we use the browser login box for this type of authentication, it does not make the login information and password visible.
My code:
login(username: string, password: string): Observable<User> {
const body = { username: username, password: password };
const headers = new HttpHeaders();
headers.append("Authorization", "Basic " + btoa("username:password"));
headers.append("Content-Type", "application/x-www-form-urlencoded");
return this.http
.post<User>('${BASE_URL}/sign-in', body, { headers: headers })
.do(user => (this.user = user));
}
wireshark image after login in application:
