Web Service Authentication Options -- MIDRANGE-L

Subject: Web Service Authentication Options
From: Don Brown <DBrown@xxxxxxxxxx>
Date: Thu, 12 Jan 2017 18:07:10 +1000
List-archive: <http://archive.midrange.com/midrange-l/>
List-help: <mailto:midrange-l-request@midrange.com?subject=help>
List-id: Midrange Systems Technical Discussion <midrange-l.midrange.com>
List-post: <mailto:midrange-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/options/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=unsubscribe>

While I have played with web services many times and have created quite a
few that really only get used internally I now have a project where I need
to provide a group of services to mobile devices.

There are numerous ways of providing authentication.

The authentication I am referring to is at the web service level not the
transport.

One example for web services we consume regularly requires the following;

- Initial connection with a user name and password - if successful a
token is returned
- All subsequent calls require the token to be passed.
- The token expires five minutes from creation

The web services to be deployed will not receive a large number of calls
and the purpose is to verify if an account is active at the start of a
shift.

Just looking for any advice, comments, suggestions from the group.

Thank you

Don Brown

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.