Understanding passport serialize deserialize

Where does user.id go after passport.serializeUser has been called? The user id (you provide as the second argument of the done function) is saved in the session and is later used to retrieve the whole object via the deserializeUser function. serializeUser determines which data of the user object should be stored in the session. The … Read more

How to implement REST token-based authentication with JAX-RS and Jersey

How token-based authentication works: In token-based authentication, the client exchanges hard credentials (such as username and password) for a piece of data called token. For each request, instead of sending the hard credentials, the client will send the token to the server to perform authentication and then authorization. In a few words, an authentication scheme … Read more

What are the main differences between JWT and OAuth authentication?

TL;DR If you have very simple scenarios, like a single client application, a single API then it might not pay off to go OAuth 2.0, on the other hand, lots of different clients (browser-based, native mobile, server-side, etc) then sticking to OAuth 2.0 rules might make it more manageable than trying to roll your own … Read more

What is token-based authentication?

I think it’s well explained here — quoting just the key sentences of the long article: The general concept behind a token-based authentication system is simple. Allow users to enter their username and password in order to obtain a token which allows them to fetch a specific resource – without using their username and password. … Read more

Validate a username and password against Active Directory?

If you work on .NET 3.5 or newer, you can use the System.DirectoryServices.AccountManagement namespace and easily verify your credentials:

    // create a "principal context" – e.g. your domain (could be machine, too)
    using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YOURDOMAIN"))
    {
        // validate the credentials
        bool isValid = pc.ValidateCredentials("myuser", "mypassword");
    }

It’s simple, it’s reliable, it’s 100% … Read more