I am working on an ASP.NET Core 2.2 Web API application which is already developed. We are using SQL Server 2017 as the database.
The front end is Angular 6.
My Web API application is linked with Entity Framework for storing and retrieving data.
When I am debugging the application, even after giving a wrong password for the application, I can read data from all tables in the database. Even if I give the correct password, I can see data from all the tables before the token is generated.
I would like to know if this is a glitch in the application.
Also, is it a good idea to store user IDs and passwords along with other application-related data in the same database?
If user IDs and passwords are in the same database, then how can we restrict access to other tables before the user is authenticated, as the application should be able to know the difference between the user table and other transaction tables?