RESTful Authentication for external clients

Hi All,

I have created a RESTful web API and it works fine. I have managed to use RESTful authentication also.

My problem is, how can I implement authentication for external clients?

Ex: If my web service is consumed by a desktop application, how will I be able to implement authentication?

Is there any standard way, or how can I get this done? Please advise me.

Thanks in advance

cheers sameera

Hi Sameera,

That should work out of the box. In the simplest case, use a before_filter :login_required (this is described in lib/authenticated_system.rb) to restrict access to any set of controller actions, and use HTTP basic authentication from the remote end (requesting .xml, .json, etc). If you look in lib/authenticated_system.rb this is tried after login_by_session and login_by_cookie for any page request that expects a current_user. If you'd like to know more on HTTP basic auth there's an excellent (natch) railscast here: #82 HTTP Basic Authentication - RailsCasts and I'm sure Google will have one or two links for you.

One thing to watch out for: if you use any kind of activation/email validation/etc. the current version of restful_authentication doesn't check that the user is active, only that their password authenticates. I've handled that by routing all non-session logins through a single become_logged_in_as! method; it raises an exception if the user isn't authorized to log in.

Cheers, flip
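
A stand-alone sketch of the single-gate approach described in the reply above, added here as an example; it is not code from the thread or from the restful_authentication plugin. Only the name `become_logged_in_as!` comes from the post; the user store, `NotAuthorized`, and the other helpers are hypothetical, and the accounts are constructed sample data.

```ruby
require 'openssl'

class NotAuthorized < StandardError; end
User = Struct.new(:login, :salt, :digest, :active)

def digest_for(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32, OpenSSL::Digest.new('SHA256'))
end

# Constructed sample accounts: alice is activated, bob is still pending.
USERS = [['alice', true], ['bob', false]].map { |login, active|
  salt = "salt-#{login}"
  [login, User.new(login, salt, digest_for("#{login}-secret", salt), active)]
}.to_h

def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Password check only: on its own this accepts a not-yet-activated account.
def authenticate(login, password)
  user = USERS[login]
  return nil unless user
  secure_equal?(user.digest, digest_for(password, user.salt)) ? user : nil
end

# Single gate for every non-session login (basic auth, cookie, token):
# the activation check lives here so no login path can skip it.
def become_logged_in_as!(user)
  raise NotAuthorized, 'bad credentials' if user.nil?
  raise NotAuthorized, 'account not activated' unless user.active
  user
end

# Parses "Authorization: Basic <base64(login:password)>" and goes through the gate.
def login_from_basic_auth(header)
  scheme, encoded = header.to_s.split(' ', 2)
  raise NotAuthorized, 'basic auth required' unless scheme&.casecmp?('Basic') && encoded
  login, password = encoded.unpack1('m').force_encoding('UTF-8').split(':', 2)
  become_logged_in_as!(authenticate(login.to_s, password.to_s))
end

# What a desktop client sends. Base64 is encoding, not encryption: use TLS.
def basic_header(login, password)
  'Basic ' + ["#{login}:#{password}"].pack('m0')
end
```
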