1

i'm reading RESTful Web Services and on the first chapters they talk about taking advantages over the stuff HTTP already serves.

They introduce en example that does authentication to del.icio.us using HTTP Basic Authentication.

Until now, the apps I've been written in NodeJS implemeted Authentication by sending a POST request from a form containing user and a password field.

How do you guys implement this? Do webpages implement auth via http basic auth? Which one is recommended?

Thanks in advance.

d60402
  • 3,190
  • 2
  • 23
  • 28
jviotti
  • 17,881
  • 26
  • 89
  • 148
  • form login usually means there's a cookie involved. but http auth works just as well, at the cost of transmitting the user/pass in almost-cleartext on every request. – Marc B Nov 08 '12 at 18:58
  • so form-based authentication should be used in user-end Web Applications to preserve the user logged in, and Web Services being accesed from webapps could implement http-simple-auth? – jviotti Nov 08 '12 at 19:00

2 Answers2

1

You may find Basic HTTP authentication in Node.JS? useful as it describes how to do Basic Authentication in NodeJS.

As for its use in Web Services, well...there are lots of ways to authorize requests from using a shared secret (like an API key), cookies (like Basic Auth) or user credentials added to a request string. All have their pluses and minuses.

For most of my coding, I rely on public/private key pairs to assure the identity of clients.

Community
  • 1
  • 1
Rob Raisch
  • 17,040
  • 4
  • 48
  • 58
0

http-auth module should do the job

// Authentication module.
var auth = require('http-auth');
var basic = auth.basic({
    realm: "Simon Area.",
    file: __dirname + "/../data/users.htpasswd" // gevorg:gpass, Sarah:testpass ...
});

// Creating new HTTP server.
http.createServer(basic, function(req, res) {
    res.end("Welcome to private area - " + req.user + "!");
}).listen(1337);
gevorg
  • 4,835
  • 4
  • 35
  • 52