All geek questions in one place

Distributed authentication

I wanted to implement a specific architecture that separates my resting API from a web server, which will be used as an agnostic template engine such as DustJS. My final remainder API will be built using the services stack.

The main thing I like about the service stack and NodeJS is that they both provide a way to authenticate, but I only need a central way to access credentials to provide access to API calls, as well as restricting certain content in my views.

The application I want to develop is a subscription based dating site, so I have a few problems. Parameters include roles, groups, authentication, and authorization. This is easy to implement on the service stack, but I'm confused by the fact that the interface can access this information.

How do I implement a scenario where the front server receives the credentials once and does not have to continue making API calls to check the database or cache to check if it is being checked? Do I need to use a different method of processing clients who want to stay on the system, or is it usually possible to solve this by setting the timestamp value?

Thank you for your time.

+4
source share
3 answers

- AuthUserSession POCO,

ServiceStack ( -) , , Authenticated UserSession , ServiceStack AppHost. , Authenticated UserSession (aka AuthUserSession) cookie Users ss-id ss-pid cookie.

Cookies

Cookies , , , , AuthUserSession :

urn:iauthsession:{sessionId}

{sessionId} (ss-id), (ss-pid) cookie , ?RememberMe=true . , node , ServiceStack, .

, MemoryCacheClient ( ), , , , , , .

UserSession, , , , .

Write-thru

-, , , MemoryCacheClient, ICacheClient (, Redis) , , , , , . , , , , Redis Pub/Sub .

+2

SOMETHING. - cookie , , , , cookie , , , , , , , , , , 1% . , HASH, cookie, IP- , . , , IP- , , , , , , , , , .

, IP- , , , , , - .

+2

, , JWT . JWT- , - , .

, : " "

Auth0 . .

0
source

Source: https://habr.com/ru/post/1613997/

More articles:


All Articles