Data stored in Mongodb database either with or without credentials while authentication is enabled

Question

• I am using the latest versions of Mongodb (And Mongoose), Angular, Express, And Nodejs for my application.
• I downloaded the installable .msi file to install it on my WINDOWS machine.
• I have followed the instructions on Mongodb DOCS and made some changes to get database Authentications enabled for a local Database.

The Problem is When I connect either with username and pass or without them the connections get established! and data are stored in both cases

I tried the steps below:

1. Opened Mongodb Compass Shell and CONNECT
2. Used Mongosh in the dark strip at the bottom of the GUI
3. Run use admin
4. Run db.dropAllUsers() - to clean the users data
5. Run

db.createUser(
{
user: "Admin",
pwd: "myNewPassword",
roles: [ { role: "userAdminAnyDatabase", db: "posts" } ]
}
)

-to create a username and password and assign a role (based on Mongodb Docs) 6. Disconnected from the database via GUI Menu bar (Connect Button > Disconnect) 7. Didn't find the /etc/mongod.conf path so I managed to find a so-called file somewhere else(no idea if it is the right one): C:\Program Files\MongoDB\Server\6.0\bin\mongod.cfg 8. I entered

security:
  authorization: "enabled"

Under #security: section

9. I tried both cases mongoose.connect("mongodb://127.0.0.1:27017/posts") and mongoose.connect("mongodb://Admin:myNewPassword@localhost:27017/posts")

Both were connected successfully and in either cases data were stored in Databse!

*to be clearer My expected behavior was that the connection would have been failed in the first case! And data not stored in the database *

Thanks!

Answer 1

Found where the problem is! I had not restarted the MongoDB Server to have authorizations take effects! So I restarted MongoDB server in windows Services!