session auth and AWS auth

Hello

I have 2 applications (1 normal, 1 Beast Forum) that set the session domain to be the same so that they can share information between them (they use the same database). However, i am not 100% clear on how I can expose the controller methods to each of them through normal HTTP Auth, and keep the normal acts_as_authenticated pieces in place at the same time?

Is there a way to distinguish web-service calls through AWS from normal browser call and authenticate them differently ?

Thanks

Adam

I've done this in 2 ways:
- Have the web service actions behind a filter that effectively says 'localhost only' (or local subnet only if you have several machine on a private network)
- Normal requests arrive on port 80, have a apache set an http header for you (eg 'EXTERNAL_REQUEST'), have web service requests arrive on some other port (eg 81) and don't set that. Only allow web-service requests if EXTERNAL_REQUEST is not set (and let the firewall take care of not allowing anyone else query you on port 81)

Fred

Thanks, the first option doest really work if the app and the WS need to use the same action.

How do you actually handle authentication? I assume you dont use acts_as_authenticated, do you use this new http_authentication method?

Thanks, the first option doest really work if the app and the WS
need to use the same action.

Ah I hadn't got that

How do you actually handle authentication? I assume you dont use
acts_as_authenticated, do you use this new http_authentication method?

I've got some home grown stuff (session stuff). It's never for us the
case that an action is accessed in both ways.

I think what I outline below still helps. acts_as_authenticated gives
you a login_required filter. You could instead have a filter that
looks like

def web_service_or_login
   login_required unless is_a_web_service_request?
end

Where is_a_web_service_request? determines whether the request is one
from a webservice (possibly using one of the thigns I described).

Fred