Re: Has anyone written authentication for Araneida?

On Sat, 18 Mar 2006 04:51:42 -0800, Jonathon McKitrick wrote:

Thomas F. Burdick wrote:
What do you mean by "basic login/logout" and where do you want to get
the authorization information from? Araneida has two methods,
AUTHENTICATE-REQUEST and AUTHORIZE-REQUEST (iirc), for doing

Username and password are in a database table. I want to have a login
page with a form that will request both, and then allow/deny access to
an admin directory. Nothing fancy.

The problem is I am having terrible caching issues that would be a huge
nightmare from a security standpoint. I was hoping maybe an already
existing implementation would have dealt with these issues correctly,
since I cannot seem to find the solution myself.

Somehow you didn't answer Thomas' question. Where do you want to _store_
the authentication state? In a cookie? Authentication with a login page
(which i personally consider stupid -- there's HTTP basic auth) needs
state/sessions. With cookies it's pretty simple: do a

(defmethod handle-request-response :before
((handler your-cool-protected-handler) method request)

....)

Unless there's a cookie you can redirect to the login page.
Iff there's a cookie, check it against the database.

HTH Ralf Mattes
.

Relevant Pages

  • Re: [.NET 1.1] Authentication and cookies clarifications
    ... Nicola here is a good article here at :-(Which uses Database to store its ... > My goal is to create a basic site with authentication process, ... Or I've to set another cookie for that? ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: need help with user authentication routine
    ... autheticate.php checks the login against the database, ... a file outside the document tree (this is one way to protect images or ... Whether or not you do full authentication each time or if you leave behind ... a cookie or session variable which is checked later is up to you. ...
    (comp.lang.php)
  • Re: Forms Auth keeps going to logon page
    ... the username and password against a list held in the web.config file. ... to authenticate from usernames and passwords held on a database so I thought ... You do not set the cookie for authentication using Response.Cookies. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Forms authentication cookie handling question (C#)
    ... I also replaced all of my ticket authentication code with the ... // Username and or password not found in our database... ... LoginControl's default code logic to generate authentication cookie. ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: Forms Authentication
    ... The DNS entry for my domain was not set corrretly, ... This should have overcome the cookie ... authentication ticketis not correctly set to the domain your ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet)