Rails and user authentification


#1

I am a the point now where I have to add user authentification to my
application.

Anyone can point me toward an easy to use / secure library? I know about
ActiveRBAC and was wondering if there is anything else that I should
consider.

Thanks!


#2

What are you requirements?


#3

I like to keep it simple, so check out the rails recipe book for really
simple, or
acts_as_authenticated for the next step up in complexity, but less
complex than most of
the others.


#4

Hi,

I am doing a ASP kind of application. I havent figured out the hosting
server, but it will probably be a Linux box.

I need to be able to manage roles/permission/groups. People are going to
pay for the service, so it has to be very secure. Its my first time
developping a “seriously” secure application. Hence the reason I want to
use a popular framework.

Any other things I need to consider?

Thanks


#5

I tend to agree with Jim. I usually roll my own (authentication that
is) and I’ve also used acts_as_authenticated, which “just works” and
is straightforward.

There’s a ton of options out there, you’ll just have to evaluate them
and see if they match up to your requirements.

Michael


#6

I found that this one was pretty easy/straightforward to implement.
http://penso.info/rails/auth_generator/


#7

The rails recipe book also has an RBAC that is very simple to implement,
I slipped that
into my app on top of acts_as_authenticated in a few hours.

I also like Bill K.'s approach, although I have not implemented it
(http://www.billkatz.com/authorization).

I have posted a recipe for an admin page for managing Rights and Roles
on my blog,
http://blog.wolfman.com/articles/2006/05/20/role-based-authentication-admin-page


#8

I prefer to write it for each application. I just did a writeup on basic
user authentication. It covers some of the patterns that I’ve been using
for
authentication:

http://www.aidanf.net/rails_user_authentication_tutorial

cheers,

AF


#9

Sorry my blog link was not working (I changed the date which changed the
link!) It now
works and is
http://blog.wolfman.com/articles/2006/05/20/role-based-authentication-admin-page