Another solution I suppose would be to have an authentication which sends a username and password from the client system in exchange for a token from the server. Then every subsequent request would use this token. I suppose this is rather like a cookie but it could be included in the URL.

e.g.
To log in, go to controller http://mydomain.com/service/login, POSTing the username and password, and a token (hashed based on user-id, secret-key etc.) is generated and returned in the response. This token could be used until it times out (how quickly for a web service? 1 minute, 10 minutes?) as in

http://mydomain.com/service/token/5A34....FE32/foo/bar

Thoughts?

Regards
Ian

Ian Docherty wrote:
This might seem like a stupid question, and one that probably has a simple solution.

If I am serving XML over HTML (a simple web service), how do I authenticate the client?

I would not expect cookies to be a sensible solution.

I could use Apache Basic Authentication, but I would prefer to hold usernames and passwords in a database rather than a htpasswd file.

That's about the limit of what I can think of.

The second question (and the reason why this is still on-topic) is that I want to have a web application
and a web service running from the same Catalyst application.

So, if I had a URL with a pre-path of http://mydomain.com/service then this would be directed to the web services (with their own authentication) and anything else would be directed to the web application
(with standard username-password login).

Is it feasible to authenticate these using two different methods in Catalyst?

Regards
Ian
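
The token scheme proposed in the reply above, sketched in Perl as an added example; it is not code from the thread or from Catalyst. HMAC-SHA256 stands in for "hashed based on user-id, secret-key", and the key value, the 10-minute lifetime, the token layout and the function names are all assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions (not from the thread): key value, TTL and token layout.
my $SECRET_KEY = 'constructed-demo-key-change-me';   # known to the server only
my $TTL        = 600;                                # lifetime in seconds

# Token layout: <user_id>-<expiry_epoch>-<hex HMAC-SHA256 over "user_id:expiry">
sub issue_token {
    my ($user_id, $now) = @_;
    die "user_id must be numeric\n" unless $user_id =~ /\A\d+\z/;
    my $expires = $now + $TTL;
    return join '-', $user_id, $expires,
        hmac_sha256_hex(join(':', $user_id, $expires), $SECRET_KEY);
}

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the user id for a valid, unexpired token; returns nothing otherwise.
sub verify_token {
    my ($token, $now) = @_;
    my ($user_id, $expires, $mac) = $token =~ /\A(\d+)-(\d+)-([0-9a-f]{64})\z/
        or return;                                        # malformed token
    my $expected = hmac_sha256_hex(join(':', $user_id, $expires), $SECRET_KEY);
    return unless constant_time_eq($mac, $expected);      # forged or altered
    return if $now >= $expires;                           # timed out
    return $user_id;
}

# Constructed walk-through: user 42 logs in, then presents the token in a URL.
my $t0    = 1_700_000_000;
my $token = issue_token(42, $t0);
print "URL: http://mydomain.com/service/token/$token/foo/bar\n";
print "fresh:    ", (verify_token($token, $t0 + 60)  // 'rejected'), "\n";
print "expired:  ", (verify_token($token, $t0 + 601) // 'rejected'), "\n";
(my $forged = $token) =~ s/\A42-/43-/;    # same MAC, different user id
print "tampered: ", (verify_token($forged, $t0 + 60) // 'rejected'), "\n";
```

Because the expiry is covered by the MAC, the server needs no per-token state to enforce the timeout. A token carried in the URL path is recorded in access logs and proxy logs, which is a reason to keep its lifetime short and to serve the endpoint over HTTPS.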


_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
