I have node-red setup as an Azure Web App (via https://github.com/jmservera/node-red-azure-webapp).
The editor is secured using the adminAuth setting in settings.js which works fine.
I have a simple flow with http-in and http-response nodes and a database lookup in the middle. To secure use of the flow I have set the httpNodeAuth setting as follows (actual username and hash changed of course):
httpNodeAuth: {user:"myuser",pass:"passwordhashedasperauthadminmethod"},
However this setting appears to be completely ignored. Running this flow from a fresh browser does not result in any authentication popup and the result of the database query is returned.
Am I missing something?
It seems that the Azure Web App implementation runs in Embedded Mode and according to the node-red doco, httpAdminAuth is a Standalone Only option. I assume, by extension, that this is true for httpNodeAuth also hence the described behaviour.