RE: Digest authentication for Xavante?
[
Date Prev][
Date Next][
Thread Prev][
Thread Next]
[
Date Index]
[
Thread Index]
- Subject: RE: Digest authentication for Xavante?
- From: "Alexander Altshuler" <alt@...>
- Date: 2006年1月12日 11:51:00 +0300
Hi
12.01.2005 Javier Guerra wrote
>or maybe i'm totally offbase, and the authentication can be done just
>reading
>some headers.... if so, a simple function to check it would be enough.
>care to enlighten us about the digest authentication method?
Digest authentication uses simple challenge/response protocol.
Server side steps:
1. Does request's URI need authentication?
2. If need authentication and "Authorization" is not present - generate
challenge (respond with 401 and "WWW-Authenticate" header.)
3. If "Authorization" is present - check this header for validity.
4. Check access rights for giver request
So it may be implemented as generic pluggable Authentication/Authorization
interface with 4 methods:
- doesResourceNeedAuthentication
- generateChallange
- validateUserCredential-
doesThisUserHasAccessToThisResource
Proposed interface above may be split into two:
Authenthication:
- generateChallange
- validateUserCredential
Authorization:
- doesThisUserHasAccessToThisResource
- doesResourceNeedAuthentication ( say does Anonymous
HasAccessToThisResource )
Instance of Authenthication interface may implement Basic or Digest.
If one of Xavante developer will integrate such things within Xavante I am
ready to develop implementation of Digest Authentication component for
Xavante community.
Code from link below may be used as good example of building challenge and
validating response.
12.01.2005 PA wrote
>Here is an example implementation:
>http://dev.alt.textdrive.com/file/LW/LWDigestAuthentication.lua
12.01.2005 Diego Nehab wrote
>I think all you need is base64 encoding (LuaSocket gives that to you)
>and md5 (Roberto used to have a library for that). It's very similar to
>the basic.
I agree.
Regards,
Alex