Is restricting sessions to an absolute IP likely to have a wide impact on mobile networks?
Our website currently restricts a cookie-based session to the IP address that was originally sent the Set-Cookie HTTP header. In the past a user’s IP would rarely change, so this didn’t present much inconvenience. However, some of our clients accessing via 3G devices are experiencing session failures due to this IP restriction.
Java solution for mutual authentication with smart card
I need to develop a Java solution for mutual authentication between Tomcat 6 (server) and SmartCard “IDGo 300” (client).
How do you get the usernames/passwords onto a STUN or TURN server for long-term credential authentication?
The STUN and TURN specifications allow for client authentication using usernames and passwords, and call this authentication via long-term credentials. In fact, TURN requires that clients authenticate by this means.
What’s the benefit of Azure ACS if ASP.NET 4.5 includes OAuth and OpenID providers? [closed]
Closed 9 years ago.
API Auth vs User Auth
I have read many posts and articles on this topic but still can’t connect the dots. I want to make a Rails app that is strictly a JSON API maybe using Sinatra or the rails-api gem. I also want to make both a web client app and an iPhone app which consumes the API. No plans on letting third-party devs use it.
How should an API use HTTP basic authentication
When an API requires that a client authenticates to it, I’ve seen two different scenarios used and I am wondering which case I should use for my situation.
Sharing authentication methods across API and web app
I’m wanting to share an authentication implementation across a web application, and web API. The web application will be ASP.NET (mostly MVC 4), the API will be mostly ASP.NET WEB API, though I anticipate it will also have a few custom modules or handlers.
Standard -server to server- and -browser to server- authentication method
I have a server with some resources; until now all these resources were requested through a browser by a human user, and the authentication was made with a username/password method, that generates a cookie with a token (to have the session open for some time).
Should I manage authentication on my own if the alternative is very low in usability and I am already managing roles?
As a small in-house dev department, we only have experience with developing applications for our intranet. We use the existing Active Directory for user account management. It contains the accounts of all company employees and many (but not all) of the business partners we have a cooperation with.