[Catalyst] Authentication for web services (slightly off topic)
Ian Docherty
catalyst at iandocherty.com
Wed Jan 23 15:19:04 GMT 2008
Another solution I suppose would be to have an authentication which sends a username and password from the client system in exchange for a token from the server. Then every subsequent request would use this token. I suppose this is rather like a cookie but it could be included in the URL.

e.g.

To log in go to controller http://mydomain.com/service/login POSTing the username and password and a token (hashed based on user-id, secret-key etc.) is generated and returned in the response. This token could be used until it times out (how quickly for a web service? 1 minute, 10 minutes?) as in

http://mydomain.com/service/token/5A34....FE32/foo/bar

Thoughts?

Regards
Ian
Ian Docherty wrote:
> This might seem like a stupid question, and one that probably has a
> simple solution.
>
> If I am serving XML over HTML (a simple web service), how do I
> authenticate the client?
>
> I would not expect cookies to be a sensible solution.
>
> I could use Apache Basic Authentication, but I would prefer to hold
> usernames and passwords in a database rather than a htpasswd file.
>
> That's about the limit of what I can think of.
>
> The second question (and the reason why this is still on-topic) is
> that I want to have a web application and a web service running from
> the same Catalyst application.
>
> So, if I had a URL with a pre-path of http://mydomain.com/service then
> this would be directed to the web services (with their own
> authentication) and anything else would be directed to the web
> application (with standard username-password login).
>
> Is it feasible to authenticate these using two different methods in
> Catalyst?
>
> Regards
> Ian
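
The token scheme proposed in the message above, as an added Python sketch that is not part of the original thread: the server issues an HMAC-SHA256 token over the user id and an expiry time after login, then checks it on each `/service/token/<token>/...` request without storing session state. The field layout, function names, 10-minute lifetime and the choice of HMAC are assumptions; the post only says the token is hashed from the user id and a secret key.

```python
import base64
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-deployment server secret
TOKEN_TTL = 600                       # assumption: 10 minutes, one value floated in the post

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id, now=None, key=SECRET_KEY):
    """Call only after the POSTed username/password has been verified."""
    now = int(time.time()) if now is None else now
    payload = f"{user_id}|{now + TOKEN_TTL}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"  # URL-safe, contains no '/'

def verify_token(token, now=None, key=SECRET_KEY):
    """Return the user id for a valid, unexpired token, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except ValueError:  # wrong shape or bad base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison; check the tag before trusting the payload.
    if not hmac.compare_digest(tag, expected):
        return None
    user_id, _, expires = payload.decode().rpartition("|")
    if now > int(expires):
        return None
    return user_id

def authenticate_path(path, now=None, key=SECRET_KEY):
    """Split /service/token/<token>/<rest>; return (user_id, '/<rest>') or None."""
    parts = path.split("/", 4)
    if len(parts) < 5 or parts[1:3] != ["service", "token"]:
        return None
    user_id = verify_token(parts[3], now, key)
    return (user_id, "/" + parts[4]) if user_id else None
```

A token carried in the URL path is written to web server and proxy access logs, so the lifetime should stay short and the service should only be reachable over TLS.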