restful-authentication

Best way to secure Private REST API without user authentication for mobile app

半腔热情 submitted on 2019-12-20 10:27:59
Question: I am making some RESTful APIs for my mobile application. The communication between the app and the web server has to be made in REST. These APIs should be private, and only my app should be able to call them for successful results. The tough part is, there is no user id and password required in my app, so I do not know how I could restrict the REST API to the mobile app without basic user authentication. One solution I thought of was to embed some kind of hardcoded string so when mobile app will use the

RESTful API Authentication

纵饮孤独 submitted on 2019-12-20 09:57:26
Question: I have found quite a few questions on this topic on SO, but couldn't find any answering this question: Should I validate users with their username and password, or with an API key? And what are the pros and cons of each method? I ask this because in my API, there are a couple of methods I'd like to lock down and verify that the user has access to some document or action. I'm a bit reluctant to authenticate by having the user send an HTTP AUTH header with their username and password because it

How do I authenticate user in REST web service?

守給你的承諾、 submitted on 2019-12-20 09:56:46
Question: How do I write the method for user authentication in a REST web service? I am a beginner with web services. Answer 1: Authentication itself should be done in a stateless way, so that the REST paradigm is not broken. This means authentication has to occur on every request. This SO question might provide some further details. The easiest method is using HTTP-Basic AUTH (rfc2617) over SSL encrypted connections (https). Here are some java examples: ericonjava, my blog entry. Another method is using nonces so

How to use OpenID or OAuth for internal first-party authentication?

一曲冷凌霜 submitted on 2019-12-20 09:51:12
Question: I am working on an internal authentication system for users of a set of RESTful web applications. Our intention is that a user should be able to sign on once via a web form and have appropriate access to all these RESTful applications in our domain, which may be distributed in a private cloud across many servers. (I understand already that having a single authenticated session is not aligned with a pure RESTful approach, but this is a usability requirement.) The applications themselves

How to serve HLS streams from S3 in secure way (authorized & authenticated)

家住魔仙堡 submitted on 2019-12-20 09:47:17
Question: Problem: I am storing a number of HLS streams in S3 with the given file structure: Video1 ├──hls3 ├──hlsv3-master.m3u8 ├──media-1 ├──media-2 ├──media-3 ├──media-4 ├──media-5 ├──hls4 ├──hlsv4-master.m3u8 ├──media-1 ├──media-2 ├──media-3 ├──media-4 ├──media-5 In my user API I know exactly which user has access to which video content, but I also need to ensure that video links are not sharable and only accessible by users with the right permissions. Solutions: 1) Use signed / temp S3 urls for private S3

How to protect a Web API using ASP.NET 5 MVC 6

谁都会走 submitted on 2019-12-20 09:36:50
Question: I have a nice ASP.NET 5 / MVC 6 app up and running. Essentially for this purpose it is just the normal sample app you get when you start a new project, to keep it simple. So far I can: register a user, login, logout, protect a page (forcing login etc). Now, what I would like is to provide an API mechanism for an app to login and get an authentication token. Specifically I am working on two mobile apps to test with, one using Angular / Cordova and one using Xamarin. I have looked high and low and I

what is rest,and what is its advantage [closed]

时间秒杀一切 submitted on 2019-12-19 21:46:24
Question: It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. Closed 8 years ago. I have googled about the docs of rest, but I am not exactly sure I understand it. What I can see in rest is that its URL is clean, for example: http://host/webservice.asmx?name=xname&type=xtype If in REST style,

JWT strings must contain exactly 2 period characters. Found: 0

两盒软妹~` submitted on 2019-12-19 10:25:56
Question: I have this class that uses JSON Web Token Support For The JVM to create and validate JWT tokens: @Component public class JwtTokenUtil implements Serializable { private static final long serialVersionUID = -3301605592208950415L; private Clock clock = DefaultClock.INSTANCE; @Value("${jwt.secret}") private String secret; @Value("${jwt.expiration}") private Long expiration; public String getUsernameFromToken(String token) { return getClaimFromToken(token, Claims::getSubject); } public Date

Where do I need to use JWT?

我只是一个虾纸丫 submitted on 2019-12-19 05:53:04
Question: The structure and protocol aside, I was wondering where JWT fits into client/server communication? Is it here to replace authentication and session cookies? Is it here to relieve servers of storing session tokens in a database or memory? Is it for clients to make sure they are receiving data from the expected server, and if that's not a concern I wouldn't need JWT? Is it necessary or a good practice for server-to-server communication when the connection is HTTPS/SSL? Answer 1: What JWT is exactly?

Luracast Restler Authentication

蹲街弑〆低调 submitted on 2019-12-18 18:05:11
Question: I’m using Luracast Restler and I’m trying to implement some authentication by implementing the iAuthenticate interface. The thing is, my authentication code needs to query my database to retrieve the user private key. This private key will always be provided in the URL request (hashed). I wanted to open just one database connection for each request, so I need to pass the db connection variable to my class that implements iAuthenticate and to the other classes that handle all the requests. But I