CHAPTER 5 PERMUTATIONS PATTERN 137 The interface (Kids web site)

The interface IUserIdentification is returned by the method IUserIdentificationResolver<>.Resource and has two properties, Identifier and IsIdentified. The Identifier property is used to identify the user, and IsIdentified indicates whether a user has been identified. In the definition, the interface IUserIdentification has only two properties, but depending on your particular context it could have more properties or methods. The purpose of the interface is to provide enough information to uniquely identify who is making the request and to allow the application to use that information for managing the authorization of a resource.

The interface IUserIdentificationFactory is used by IUserIdentificationResolver<> to instantiate an IUserIdentification instance whenever a user identity has been found. These interfaces form an important basis of user identification and should be used regardless of the user identification scheme.

Using HTTP Authentication

The first user identification implementation is HTTP authentication. HTTP authentication is probably one of the most underused techniques for creating a user identifier. Most web applications tend to prefer HTTP cookies, but HTTP authentication offers some yet-to-be-discussed options that HTTP cookies do not.

In the early nineties, HTTP authentication was not well known and was generally considered insecure because the client would constantly be sending the username and password to the server whenever an authorization was performed. To get around the security issue, a more secure form of HTTP authentication was created, called HTTP digest authentication. In the early days of the Web, HTTP digest authentication was not widely distributed. Of course, today that is not the case, as every browser, or at least most browsers, supports HTTP digest authentication.
Understanding How HTTP Authentication Functions at a Practical Level

HTTP authentication is a very good way of creating a user identifier because the authentication mechanism is formal and requires participation by the user. If the user declines, authentication will not occur, and no information is sent to the server. The user can remain anonymous. Granted, the user might not be able to access all of the content, but there is anonymity, and some people treasure their anonymity.

Figure 5-11 illustrates how HTTP authentication is presented to the user via current browsers. Also illustrated in Figure 5-11 is the ability of current browsers to remember past HTTP authentication sessions. HTTP authentication is both a blessing and a curse in that users must authenticate themselves whenever they exit and restart the browser. The blessing is that authentication information is not sent automatically, and the curse is that the user must authenticate themselves before starting a session at a website. Some may consider requiring authentication a downside, but when security is important, using HTTP authentication ensures that the correct rights are given to the identified user.

At a technical level, HTTP authentication is a mechanism whereby a user requests the contents of a resource and the server issues a challenge, asking for identification. The browser converts the challenge into something similar to Figure 5-11. After the user enters the appropriate information, the server will authenticate the user. If the authentication works, the representation of the resource is downloaded by the browser.
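The challenge and response described above, as an added Python example that is not code from the book: it uses the digest form of HTTP authentication (SHA-256, RFC 7616) and ends in a Python stand-in for IUserIdentification. The realm, the user store, the sample credentials and all function names are constructed for illustration.

```python
import hashlib, hmac, re, secrets
from dataclasses import dataclass

REALM = "kids-site"  # constructed realm name

def h(*parts):
    """SHA-256 over colon-joined fields, as in RFC 7616 digest auth."""
    return hashlib.sha256(":".join(parts).encode()).hexdigest()

# Constructed user store: keeps H(user:realm:password), not the password.
USERS = {"alice": h("alice", REALM, "correct horse")}

@dataclass
class UserIdentification:  # Python stand-in for Identifier / IsIdentified
    identifier: str = ""
    is_identified: bool = False

def parse(fields):
    return dict(re.findall(r'(\w+)="?([^",]+)"?', fields))

def challenge(nonce=None):
    """Server: value of the WWW-Authenticate header sent with a 401."""
    nonce = nonce or secrets.token_hex(16)
    return f'Digest realm="{REALM}", qop="auth", algorithm=SHA-256, nonce="{nonce}"'

def client_authorization(user, password, method, uri, www_authenticate):
    """Browser: answer the challenge; the password itself is never sent."""
    p = parse(www_authenticate)
    nc, cnonce = "00000001", secrets.token_hex(8)
    response = h(h(user, p["realm"], password), p["nonce"], nc, cnonce,
                 "auth", h(method, uri))
    return (f'Digest username="{user}", realm="{p["realm"]}", '
            f'nonce="{p["nonce"]}", uri="{uri}", qop=auth, nc={nc}, '
            f'cnonce="{cnonce}", response="{response}", algorithm=SHA-256')

def resolve(method, uri, authorization, issued_nonce):
    """Server: map an Authorization header to a UserIdentification."""
    anonymous = UserIdentification()
    if not authorization or not authorization.startswith("Digest "):
        return anonymous  # user declined the prompt: nothing was sent
    p = parse(authorization[len("Digest "):])
    ha1 = USERS.get(p.get("username", ""))
    # Reject unknown users, nonces this server did not issue, URI mismatches.
    if ha1 is None or p.get("nonce") != issued_nonce or p.get("uri") != uri:
        return anonymous
    expected = h(ha1, p["nonce"], p.get("nc", ""), p.get("cnonce", ""),
                 "auth", h(method, uri))
    if hmac.compare_digest(expected.encode(), p.get("response", "").encode()):
        return UserIdentification(p["username"], True)
    return anonymous
```

A request with no Authorization header resolves to an unidentified user, which is the anonymous case the text describes; only a response computed from the right password over the server's own nonce yields IsIdentified = true.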