I have an asp.net web API. I implemented a token authentication that I am trying to validate user name and password from the database. I am new to JWT so I need your advice.
Here are my questions;
- Should I encrypt username and password in my database?
- The client sends the username and password in the request body, Should the client send them in the header? And should they be encrypted?
Best Regards.