Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Websocket service user authentication #73

Closed
ergousha opened this issue Jan 6, 2013 · 3 comments
Closed

Websocket service user authentication #73

ergousha opened this issue Jan 6, 2013 · 3 comments

Comments

@ergousha
Copy link

@ergousha ergousha commented Jan 6, 2013

How to use websocket server with user authentication (with username and password)? If supplied password is not correct the server is expected to reject connection. Is it possible such authentication in handshaking? Or where to implement?

@hikari-no-yume

This comment has been minimized.

Copy link
Contributor

@hikari-no-yume hikari-no-yume commented Jan 6, 2013

You don't necessarily need to do it at the HTTP header level. You could always do it yourself in your protocol.

@theturtle32

This comment has been minimized.

Copy link
Owner

@theturtle32 theturtle32 commented Jan 6, 2013

Yes. Theoretically you could use HTTP basic auth, but I wouldn't recommend it. The WebSocket specification does not include any kind of authentication mechanism. It is left to the individual protocol designer to decide how best to perform authentication in their application.

The simplest thing to do might be to send the credentials from the client as the first message after the connection is successful, and then send back a response from the server, additionally closing the connection if the authentication failed. Obviously the server shouldn't process any other kind of messages until the authentication phase is complete.

Sent from my iPhone

On Jan 6, 2013, at 2:17 PM, Andrew Faulds notifications@github.com wrote:

You don't necessarily need to do it at the HTTP header level. You could always do it yourself in your protocol.


Reply to this email directly or view it on GitHub.

@hikari-no-yume

This comment has been minimized.

Copy link
Contributor

@hikari-no-yume hikari-no-yume commented Jan 6, 2013

That's precisely what I do. The easiest way is just to do conn.once('message', function () { ... }), and then set your normal message handler (conn.on('message', function () { ... })) in that handler if the login was correct.

@ergousha ergousha closed this Jan 8, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.