Webservices Xml-Rpc and authentication

Hello,

I want to build an application where I have a client and server. I need to execute commands with XML-RPC. I can get all this working, following the howtos in the wiki and main website.
But the problem is they are all unsecure. I can’t seem to find any web service examples where they use authentication, or SSL.

Just wondering if anyone knows how I go about doing this.
At the moment all I can think of is sending username and password with every method.

These are the howtos I’m following:
http://wiki.rubyonrails.com/rails/pages/HowtoWriteAXmlRpcService
http://manuals.rubyonrails.com/read/book/10

Thanks for any help


Website: http://www.mooktakim.com
email: [email protected]

“Md Mooktakim A.” [email protected] writes:

This book might help, I myself haven’t tried it yet.
http://www.oreilly.com/catalog/websor/

In case you purchase it, do let us know how you found it.

HTH.

Surendra S.
http://ssinghi.kreeti.com, http://www.kreeti.com
Read my blog at: http://cuttingtheredtape.blogspot.com/
,----
| “O thou my friend! The prosperity of Crime is like unto the lightning,
| whose traitorous brilliancies embellish the atmosphere but for an
| instant, in order to hurl into death’s very depths the luckless one
| they have dazzled.” – Marquis de Sade
`----

Surendra S. wrote:

“Md Mooktakim A.” [email protected] writes:

This book might help, I myself haven’t tried it yet.
http://www.oreilly.com/catalog/websor/

I own that PDF “Book”. It doesn’t mention authentication in it. I can recommend the book though, it’s got some good stuff - you just won’t find any kind of login type stuff.

and so on.
Can anyone else think of a better way?

I recently did an XML-RPC service with authentication and just used
standard HTTP auth stuff. It’s worked just fine so far.

That said, I wouldn’t do it that way again. There’s no good way to get at the login information (yes, you can get it, but not in the models). I think I’d go with something you have above and have them pass it in as the first argument to every method. That way you have it easily available so you can do things with it (throttle certain users, delays, etc.)

-philip

Where would be the best place to store the current token?
Should it be session? I haven’t worked this out yet :) Still thinking out loud.

On Fri, July 14, 2006 9:19 pm, Philip H. wrote:

you can do things with it (throttle certain users, delays, etc.)

“Md Mooktakim A.” [email protected] writes:
recommend the book though, its got some good stuff - you just won’t find any kind of



Website: http://www.mooktakim.com
email: [email protected]

On Fri, Jul 14, 2006 at 12:14:11AM +0100, Md Mooktakim A. wrote:

I want to build an application where I have a client and server. I need to execute commands with XML-RPC. I can get all this working, following the howtos in the wiki and main website.
But the problem is they are all unsecure. I can’t seem to find any web service examples where they use authentication, or SSL.

Adding SSL support to the webrick in rails is pretty simple, and adding verification of client-side certificates is trivial from there. Presenting the cert from the client end is pretty simple, too.

Client-side certs aren’t that great if you’re trying to let random people in, but most authenticated web services are there for the use of a limited set of people, so the certificate management burden isn’t too bad. If you’re doing something where you’ve got people (eg) doing their own accounts, then you’ll want a login method that returns a session “cookie”, and then that gets passed as the first parameter to every other method, so the user can prove that they’re logged in.

- Matt


How about “suspender snapping three martini lunching mahogany tabled conference room equipped with overhead projector dwelling golden parachute flying bill gates specifying buzzword spewing computerworld and datamation reading trend bandwagoneering meeting going morons”. – Tom O’Toole

hhmm,
It’s VERY strange.
I haven’t done any xml-rpc or SOAP stuff before. But I would think authentication would be the first thing people do. Only way I can think of now is to have a login method.
Then after that use a random token for the rest of the methods.
Maybe even change the token every time randomly. So here it is:

login(username, password) --> returns [true, random_token]

get_user_data(token) --> returns [[some_data], new_random_token]

and so on.
Can anyone else think of a better way?

On Fri, July 14, 2006 7:40 pm, Bob Y. wrote:

I own that PDF “Book”. It doesn’t mention authentication in it. I can


Website: http://www.mooktakim.com
email: [email protected]
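
The login-then-token scheme discussed in this thread (a `login` call that returns a session token, passed as the first argument to every other method and replaced on each call), as an added Ruby example that is not code from any poster or from Rails. The `TokenAuth` class, the body of `get_user_data`, and the TTL and PBKDF2 iteration values are assumptions.

```ruby
require 'securerandom'
require 'openssl'
# Added example: class name, TTL and ITER are assumptions, not from the thread.
class TokenAuth
  TTL  = 900      # token lifetime in seconds (assumed value)
  ITER = 100_000  # PBKDF2 iterations (assumed value)

  def initialize(clock = -> { Time.now.to_i })
    @users, @sessions, @clock = {}, {}, clock
  end

  def add_user(name, password)
    salt = SecureRandom.random_bytes(16)
    @users[name] = [salt, kdf(password, salt)]
  end

  # login(username, password) --> [true, token] or [false, nil].
  # Unknown users still cost one KDF run, so timing does not reveal them.
  def login(name, password)
    salt, stored = @users[name] || [SecureRandom.random_bytes(16), "\0" * 32]
    same?(kdf(password, salt), stored) ? [true, issue(name)] : [false, nil]
  end

  # Called first by every RPC method; consumes the token (single use) and
  # returns [username, replacement_token], or nil if unknown or expired.
  def authenticate(token)
    user, expires = @sessions.delete(OpenSSL::Digest::SHA256.hexdigest(token.to_s))
    return nil if user.nil? || expires < @clock.call
    [user, issue(user)]
  end

  private

  def issue(user)
    token = SecureRandom.hex(32) # 256 random bits; only the digest is stored
    @sessions[OpenSSL::Digest::SHA256.hexdigest(token)] = [user, @clock.call + TTL]
    token
  end
  def kdf(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITER, 32, OpenSSL::Digest.new('SHA256'))
  end
  def same?(a, b) # constant-time comparison of two byte strings
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |d, (x, y)| d | (x ^ y) }.zero?
  end
end

# Method shape from the thread: get_user_data(token) --> [[some_data], new_token]
def get_user_data(auth, token)
  user, fresh = auth.authenticate(token)
  user ? [["profile for #{user}"], fresh] : [false, nil]
end
```

The password and every token still cross the wire in the clear unless the service runs over SSL, so this scheme depends on the encrypted transport described earlier in the thread. Rotating the token on every call also means a lost response leaves the client without a valid token and forces a fresh login.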
