The standard Visual Studio Web Api template is configured to use OAuth bearer tokens as a primary means of authentication. Bearer Tokens are exactly what the name implies - Web Api will consider the bearer of the token to be properly authenticated (provided the token is not expired, per the configuration settings in Startup.Auth.cs).
This can have some serious security implications. If a malicious actor were able to intercept a client request and get hold of the Bearer Token from the request header, they would then be able to gain access as an authenticated Api user.
For this reason, if you are planning to deploy a Web Api application using the default Bearer Token authentication scheme, it is critical that the production application implement SSL/TLS (meaning HTTPS) to encrypt and protect traffic between the client and your Api.
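One way to enforce this in code is sketched below. It is an added example, not part of the Visual Studio template; the names `RequireHttpsForApiAttribute` and `TransportHardening` are hypothetical, and it assumes TLS terminates at the application rather than at an upstream proxy.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using Microsoft.Owin.Security.OAuth;

// Hypothetical filter: rejects any Web API request that did not arrive over HTTPS.
public class RequireHttpsForApiAttribute : AuthorizationFilterAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // Assumption: the app sees the original scheme. Behind a TLS-terminating
        // proxy the scheme here is "http" and this check needs adapting.
        if (actionContext.Request.RequestUri.Scheme != Uri.UriSchemeHttps)
        {
            // Fail closed with 403 instead of redirecting. A redirect would let
            // clients keep sending the Authorization header over plain HTTP first.
            actionContext.Response = actionContext.Request.CreateErrorResponse(
                HttpStatusCode.Forbidden, "HTTPS is required.");
            return;
        }
        base.OnAuthorization(actionContext);
    }
}

// Hypothetical helper, called once at startup with the objects the app already builds.
public static class TransportHardening
{
    public static void Apply(HttpConfiguration config,
                             OAuthAuthorizationServerOptions oauthOptions)
    {
        // Covers every Web API controller action.
        config.Filters.Add(new RequireHttpsForApiAttribute());

        // The token endpoint is OWIN middleware, not a controller, so the filter
        // above never runs for it. This option makes the middleware itself refuse
        // to serve token requests over plain HTTP.
        oauthOptions.AllowInsecureHttp = false;
    }
}
```

Both settings only refuse cleartext requests at the server; a token that a client has already sent over plain HTTP has crossed the network unencrypted by the time the 403 is returned.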
It is recommended to validate the password before confirming the email account. In some cases the user might mistype the email address during registration, and you do not want to end up sending the confirmation email to someone else, who then receives it and activates the account on your behalf.
Consider $scope.$digest: Use
$scope.$apply where it makes sense. Only child scopes will update
$rootScope.$digest, which causes the entire application
$$watchers to dirty-check again. Using
$scope.$digest will dirty check current and child scopes from the initiated
"sudo tcpdump -i en0 -w ~/Desktop/sau-capture.pcap port 80"