Authentication

 
Ranch Hand
Posts: 124
Which authentication mechanism is recommended to be used only if cookies or SSL session tracking is in place?

Ans : Form based.

Explanation :
Form based login session tracking can be difficult to implement, therefore a separate session tracking mechanism is recommended.

Can you explain this?
 
Rancher
Posts: 43081
Using basic (or digest) authentication, the credentials (username/password) are transmitted from the browser to the server with each HTTP request (this happens in the HTTP headers). It is thus not necessary to set cookies to identify the client.

Form authentication, on the other hand, only transmits the credentials once (when the login form is submitted). For the server to recognize the client on subsequent requests, some kind of session or cookie is necessary.
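
The difference described in the answer above, as an added example that is not part of the original post or of any servlet container's code: a minimal server-side model in which BASIC re-validates the `Authorization` header on every request, while FORM validates once and then depends on a session cookie. The user store, function names and in-memory session table are assumptions for illustration; `j_username`, `j_password` and `JSESSIONID` are the standard servlet names.

```python
import base64
import hmac
import secrets

USERS = {"alice": "s3cret"}  # constructed sample credential store
SESSIONS = {}                # session id -> user: the state FORM login depends on

def _check(user, password):
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())

def basic_request(headers):
    """BASIC: stateless, every request carries the credentials in a header."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, password = decoded.partition(":")
    return user if _check(user, password) else None

def form_login(form):
    """FORM: credentials arrive once; the reply must establish a session."""
    user = form.get("j_username", "")
    if not _check(user, form.get("j_password", "")):
        return {}
    sid = secrets.token_urlsafe(32)  # unguessable session identifier
    SESSIONS[sid] = user
    # Secure + HttpOnly: the cookie now stands in for the password.
    return {"Set-Cookie": f"JSESSIONID={sid}; Path=/; Secure; HttpOnly"}

def form_request(headers):
    """Later requests are recognized only through the session cookie."""
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "JSESSIONID":
            return SESSIONS.get(value)
    return None  # no cookie: the server cannot tell who this is
```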
 
deepa raj
Ranch Hand
Posts: 124
What about CLIENT-CERT authentication ?
 
Greenhorn
Posts: 26
CLIENT_CERT always requires a public certificate key on the client side. So the way client-cert works is fully different from this username/password-based authentication.
 
deepa raj
Ranch Hand
Posts: 124
If so, what does this mean, from HFSJ?

CLIENT-CERT also will use pop-up form to get username and password.

Is this true?
 
Ranch Hand
Posts: 62
Client-Cert means you have to send the certificate to the server.
It doesn't open up any popup screen like BASIC or DIGEST by default.
 