Atlas has a security configuration as well. Lookin gat your screenshot, i don’t see a ‘sign in’ link at the top.
The default config.js file (in /js/config/app.js) has this value specified:
appConfig.userAuthenticationEnabled = false;
In order to enable security (if your WebAPI has security enabled) you need to override this setting in a file called /js/config-local.js which will have a value like:
config.userAuthenticationEnabled = true;
In addition, there are a number of default authProviders that are defined by default. if you only want a subset of those, you will override the authProviders array in config-local.js to only include those you want to use.
@anthonysena, I don’t think the security setup in WebAPI covers the configuration for Atlas, and I don’t know if that should be included in the WebAPI documentation, or if the Atlas side needs an update.
@ambuj, I believe your SSL is set up properly: when you got the HTTP 401 resposne by going to /WebAPI/source/sources, your address bar shows that the SSL certificate seems to be working (unlike the second screenshot of atlas where https://10.70.7.25 is showing Not Secure. Means your SSL is configured for WebAPI connection, but your HTTP Server is not.
The 401 response is proper considering I believe your atlas is not configured to authenticate and so all requests to WebAPI will be un-authenticated, and therefore you will get a 401. Likewise, when you try to access any WebAPI endpoint directly through the browser with security enabled, none of the authorization headers are set up so it will think you are unauthorized.
I haven’t done too much work with security enabled, but it’s possible that once you have Atlas configured for authentication, once you authenticate in Atlas, you can go to a new tab and invoke WebAPI endpoints because the site’s cookie should remain in your session and it should authenticate. However, this is a theory, I could be wrong, so let me know what you find.
-Chris
