Hello
I have 2 applications (1 normal, 1 Beast Forum) that set the session
domain
to be the same so that they can share information between them (they use
the
same database). However, i am not 100% clear on how I can expose the
controller methods to each of them through normal HTTP Auth, and keep
the
normal acts_as_authenticated pieces in place at the same time?
Is there a way to distinguish web-service calls through AWS from normal
browser call and authenticate them differently ?
Is there a way to distinguish web-service calls through AWS from
normal
browser call and authenticate them differently ?
I’ve done this in 2 ways:
Have the web service actions behind a filter that effectively says
‘localhost only’ (or local subnet only if you have several machine on
a private network)
Normal requests arrive on port 80, have a apache set an http header
for you (eg ‘EXTERNAL_REQUEST’), have web service requests arrive on
some other port (eg 81) and don’t set that. Only allow web-service
requests if EXTERNAL_REQUEST is not set (and let the firewall take
care of not allowing anyone else query you on port 81)
Thanks, the first option doest really work if the app and the WS need to
use
the same action.
How do you actually handle authentication? I assume you dont use
acts_as_authenticated, do you use this new http_authentication method?