Library tutorials & articles
Authentication for Web Services
- Introduction
- Operating System Options
- Third Party Choices
- Roll Your Own Authentication
- The Choices We Made
- Our Process Flow
Roll Your Own Authentication
When you take advantage of the authentication methods made available through the operating system or a third party, you get the benefit of using tools that have already been developed and tested. Okay, we're making an assumption about that tested part, but play along with me here. Still, even with these tools at our disposal, there are situations where more is required. If your application maintains is own user list or requires additional information above and beyond the user id and password, you are forced to create your own technique. And that is what we are faced with in our sample web service. Along with the user id and password, we need to gather a company identifier. In other words, none of the 'standard' techniques will be sufficient for our purposes, leaving us with no choice but to create our own authentication system.
I am the owner of a small application development consulting company that specialized in the design and implementation of Internet-based applications. While there are others who can make a web site...
Related articles
Related discussion
-
Java RAD Training...
by fordendk (0 replies)
-
I'm a newbie! How these things affect us?
by ephraimgasel (0 replies)
-
Error Capture
by Slicksim (4 replies)
-
MOS Protocol - Anyone used it?
by alexnavarro38 (5 replies)
-
AJAX: SimpleWebServices is not defined
by Freon22 (2 replies)
Related podcasts
-
Introduction to Atlas
Get your feet wet with an introduction to Atlas. Atlas is the new part of the .NET framework specifically for web clients. Features include AJAX and web services support, new validation controls, behaviors, and an object orientation layer sitting on top of JavaScript.
Events coming up
-
Dec
8
December Silicon Valley Ruby Meetup
Moffett Field, United States
In a World of Middleware, Who Needs Monolithic Applications? by Jon Crosby With Rack emerging as the standard for composing web applications and services, most recently with Rails adoption, an architectural shift is taking place. Learn how to create next generation web services by reusing existing Rack middleware and supplementing with your own components and micro-frameworks like Sinatra. Bio : Jon likes music, the Open Web, Ruby, Erlang, Haskell, Objective-C, JavaScript and coffee.
I have enjoyed reading the article so far and I have a quick question. Isn't the interception of the security token almost as useful to a hacker as the interception of the original credentials? If so (even marginally) then why is it neccessary to go to such lengths to hide the login name and password, but not the token? Couldn't a hacker keep the token alive by using it regularly, therefore avoiding any expiration? Would it be possible to explore these issues, in the scope of the article?
Thanks,
Seamus
This thread is for discussions of Authentication for Web Services.