Jump to content

Authenticating a user between multiple servers?


DWilliams

Recommended Posts

I'm developing an application that consists of several parts. The main website is written in PHP, but there are also several WebSocket servers that the user might need to connect to. The servers are written in C# and have no direct communication with the web server other than via sharing the same database.

 

Where should I start reading to come up with a way to have website logins also authenticate the user on the WebSocket servers? Since the WebSocket connections are all done in client-side JS, nothing it does can be trusted. For example, if I have a WebSocket chat server, I don't want the connecting users to have to re-login but I also don't want to rely on the JavaScript to, for example, say "Hey, my name is Fred". I'd rather have the web server somehow tell the chat server "Yep, he's logged in as Fred, all is good".

Link to comment
Share on other sites

I'm developing an application that consists of several parts. The main website is written in PHP, but there are also several WebSocket servers that the user might need to connect to. The servers are written in C# and have no direct communication with the web server other than via sharing the same database.

 

Where should I start reading to come up with a way to have website logins also authenticate the user on the WebSocket servers? Since the WebSocket connections are all done in client-side JS, nothing it does can be trusted. For example, if I have a WebSocket chat server, I don't want the connecting users to have to re-login but I also don't want to rely on the JavaScript to, for example, say "Hey, my name is Fred". I'd rather have the web server somehow tell the chat server "Yep, he's logged in as Fred, all is good".

 

Each request is independent of the last. The client has to send some sort of authorization token (session token) to the server, which can then verify it's legit with the database.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.