I am looking to revamp a business application by utilizing asp.net web api as the service layer and implementing JavaScript to interact with the web api for retrieving and displaying data.
While I have a good grasp on how all the scenarios will function smoothly, the main concern lies in ensuring security. We have a database containing user names and passwords that we need to validate using the web api. Furthermore, we aim to pass the user name and password for each request to verify user rights. What strategies can be employed to enhance the security of this communication?