Service-Based Authentication Using Tokens

Posted by jerhinesmith on Stack Overflow See other posts from Stack Overflow or by jerhinesmith
Published on 2009-06-02T14:18:20Z Indexed on 2010/05/18 9:31 UTC
Read the original article Hit count: 301

Filed under:

authentication

|

web-services

|

rest

I'm having a tough time trying to find clear and concise examples of how one would implement a service-based authentication scheme using tokens. As far as I can tell, the basic steps are as follows:

Client requests username/password from user
Client passes username/password to identity provider
Provider checks username/password and sends back a token if the user is valid
Client does something with the token?

The third and fourth step are where I'm getting stuck. I assume the "token" in this case just has to be either an encrypted string that the client can decrypt or some random string that gets stored somewhere (i.e. a database) that the client can then verify against, but I'm not really sure what the client is then supposed to do with the token or why you even need a token at all -- couldn't a simple user ID also suffice?

© Stack Overflow or respective owner

Related posts about authentication

Configuring Fed Authentication Methods in OIF / IdP

as seen on Oracle Blogs - Search for 'Oracle Blogs'
In this article, I will provide examples on how to configure OIF/IdP to map OAM Authentication Schemes to Federation Authentication Methods, based on the concepts introduced in my previous entry. I will show examples for the three protocols supported by OIF: SAML 2.0 SSO SAML… >>> More
windows authentication vs sql server authentication for asp.net forms authentication site

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a database and a site having forms authentication. It is working fine with VS2008. This time, I am using "Trusted_connection =True". But when it is opened from outside or directly from browser then I am getting error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." I know this is due… >>> More
Disable authentication on subfolder(s) of an ASP.NET app using windows authentication

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Is it possible to disable windows authentication on one or more subfolders of an ASP.net application using windows authentication? >>> More
AutoCompleteExtender - authentication failure (forms authentication)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily. If I change my service definition to include a demand for the caller to be authenticated, like so: <OperationContract()… >>> More
Ruby on Rails , functionalities having twitter authentication and email authentication (autlogic and

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Experts, I would like to ask your guidance on how to authenticate using email add/ the basic log-in while having also a twitter log-in, twitter authentication works fine but if having an alternative log-in like using basic sign-up and email log-in part wont work.... any ideas please...? >>> More

Related posts about web-services

Testing your Web services using the Data Web Services Test Client

as seen on Internet.com - Search for 'Internet.com'
Paul Zikopoulos introduces you to the Data Web Services Test Client that's available in IBM Data Studio Version 1.2 or later >>> More
Webservices error for dev.virtualearth.net/webservices/geocode

as seen on Stack Overflow - Search for 'Stack Overflow'
I am getting the following stacktrace and have no idea what I am looking at and how to debug and fix it: Here is the error: Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your… >>> More
Setting up Metro 2.0 with Jetty 7

as seen on Stack Overflow - Search for 'Stack Overflow'
This question relates to a previous question of mine. I am attempting to set-up a low overhead Web Container using Jetty 7 that I can deploy Web Services using Metro 2.0. I have installed the following Metro 2.0 libs into jetty/lib: webservices-extra-api.jar webservices-extra.jar webservices-rt… >>> More
Interview questions about ASP.NET Web services.

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I have seen there are lots of myth’s about asp.net web services in fresher level asp.net developers. So I decided to write a blog post about asp.net web services interview questions. Because I think this is the best way to reach fresher asp.net developers. Followings are few questions about asp.net… >>> More
Service-Oriented Architecture and Web Services

as seen on DotNetBlocks - Search for 'DotNetBlocks'
Service oriented architecture is an architectural model for developing distributed systems across a network or the Internet. The main goal of this model is to create a collection of sub-systems to function as one unified system. This approach allows applications to work within the context of a client… >>> More