How to authenticate by calling services?

R

RedQuark2014-11-16 17:16:27

C++ / C#

RedQuark, 2014-11-16 17:16:27

I'm going through authentication, let's say by a self-written provider. The session and user are now identified. And now, using JS or C #, the user needs to knock on the service of another application, which may be located in a different domain. How to pass authentication data? Is it bad to store the login password and attach it to the request each time? How does mail.ru make a single authentication for all projects? I dug up something about tokens, I like it, but whether MS has a boxed implementation is not clear.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vitaly Pukhov, 2014-11-17
@Neuroware

As far as I know, there is no box, and there is no point in making it boxed in my opinion.
If in a nutshell it can be considered so, there is a service, authentication with which goes through all the "canons", after completion of which the application receives a token in response, this is a kind of "key", it can be anything, for example, a random sequence of characters, for example, a GUID given the key after is considered an analogue of "login \ password" and this service can confirm for another project whether this token is valid and, for example, which identifier it is associated with, so the service does not need to store passwords, it is enough to store tokens and logins. Of course, this is all only for self-propelled guns both in the first project and in the second.