rack for user authentication

RIRUGhttp://rirug.com

RackFor User Authentication

Common Web App Needs

• A User

• A way to associate requests with that user

Many Current Auth Solutions

• RESTful Authentication

• AuthLogic

• Clearance

• OpenID

• HTTP Auth

• LDAP

• CAS

• Roll Your Own

Why Another One?

RackRails 2.3 introduced Rack

compatibility.

Rails 3 is Rack dependent.

Rack allows for modular application design.

Default Rails Rack Stack

How Does This Affect Authentication?

• Rack allows for “mountable apps”

• Rails middleware

• Rails metal

How will your authentication cope?

Apps Usually Need a “User”

Current Authentication Systems Will Conflict

Between Apps

Warden

• Injects a lazy proxy into the request

• Proxy follows around the request

• Does nothing until asked

• Authenticates requests for any kind of “user”

• Provides a mechanism for authentication

• Available to all downstream Rack parts

Authenticating(Loggin In)

Accessing the user

Logging Out

Authentication Logic

• Strategy Based

• Packagable

• Sharable between discrete apps

• Simple

Warden Strategy

Strategies

• Multiple Strategies

• Strategies Cascade

Rack Setup

Rails Integration

Warden + Devise

Devise

• Flexible Rails authentication based on Warden

• Rack based

• Complete MVC solution using Rails engines

• Allows for multiple roles (models/scopes)

• Based on modularity

Devise Modules

• Database Authenticatable

• Token Authenticatable

• Confirmable

• Recoverable

• Rememberable

• Registerable

• Trackable

• Timeoutable

• Validatable

• Lockable

Rack Resources

• http://rack.rubyforge.org/

• http://rack.rubyforge.org/doc/SPEC.html

• http://railslab.newrelic.com/2009/06/05/episode-14-rack-metal

Warden Resources

• http://www.slideshare.net/hassox/warden-introduction

• http://wiki.github.com/hassox/warden/overview

• http://github.com/hassox/rails_warden

Devise Resources

• http://blog.plataformatec.com.br/2010/02/happy-birthday-devise/

• http://github.com/plataformatec/devise

• http://rdoc.info/projects/plataformatec/devise

• http://railscasts.com/episodes/209-introducing-devise

• http://railscasts.com/episodes/210-customizing-devise

rack for user authentication

user http

complataformatecdevise

rack resources http

rack setup http

rails integration http

devise resources http

warden resources http

warden strategy http

Technology

forms authentication, authorization, user accounts, and...

user authentication through keystroke dynamics · advanced...

strong user authentication mechanisms

eleven rack user guide.pdf

user authentication with wsa

biometrics based user authentication

magic quadrant for user authentication - securite€¦ ·...

advanced authentication- user

eleven rack user guide 80930

vodafone user authentication (2-step login) user manual

technical report physical authentication...technical report...

navi based user authentication

user authentication: id protocols

fortigate user authentication user guide

junos® os user access and authentication user guide ·...

user authentication - aalto university

safenet authentication client user’s guide - · pdf...

user manual rt rack - assets.vector.com

principles and methods user authentication -...

user management: configuring authentication servers ·...