Developing Authentication and Roles thinking about API
- From: "Giammarco" <giammarco.schisani@xxxxxxxxx>
- Date: 25 Aug 2005 03:16:17 -0700
Hi all,
I'm developing an ASP.NET website and thinking about releasing the API
through webservices in a couple of months (like flickr.com let's say).
Most of the website functionality is restricted to authenticated users.
Users are classified in different roles, and different roles can take
different actions.
E.g. Guest can call a function to delete one of his articles, but
cannot call a function that can delete any article (which can be called
by an Administrator).
I would like to ask how would you handle user authentication and roles,
considering that I have to release the API?
The following is an example of the parameters I need to pass to a
"DeleteArticle" function called from a asp.net page that is accessible
only to authenticated users.
public bool DeleteArticle(articleID, UserID)
{
// delete article
}
The same function called from the API, could look like this if
authentication and roles are not planned with the webservices in mind.
public bool DeleteArticle(articleID, userID, userPassword)
{
// check username and password and authenticate
// check if user can delete article
// delete article
}
Thanks in advance,
Giammarco
.
- Follow-Ups:
- RE: Developing Authentication and Roles thinking about API
- From: Lee Chapman
- RE: Developing Authentication and Roles thinking about API
- Prev by Date: Possible? asp.net <--> xml <--> php
- Next by Date: Re: I have fixed ASP.NET check it out
- Previous by thread: Possible? asp.net <--> xml <--> php
- Next by thread: RE: Developing Authentication and Roles thinking about API
- Index(es):
Relevant Pages
|
