Authentication and storing passwords

Is the basic HTTP auth the only way to go with EventStore? I would have preferred something similar to how RavenDB works, where it uses Windows Authentication. I don’t mind HTTP auth as such, it’s just that it adds complexity and potential security issues to have passwords stored somewhere. In the config file, potentially committed to source control etc.


The commercial editions have LDAP and LDAPS support which will talk to Active Directory, but there is no integrated Windows security.



There does not seem to be a commercial edition nowadays, although there is a commercial support license … Does that still include LDAP integration? Or has the LDAP integration now moved to the open source version?

You get a link to download the commercial version when you purchase commercial support and yes, it still includes the LDAP integration. We purchased it for my company earlier this year and we use our Active Directory for logins.