Can you give me a list of valid or widely used ways of authenticating a user in a web service aside from the items listed below? I am asking this because I have to provide a way to validate the users on my web service to check if they have the right to access it. I would like to know which of the existing ways to validate a user is the most acceptable and secured.
Some user authentication that's running through my mind: 1. Username and password. To use a web service, the user must provide his user name and password to the web service. If his user name and password is valid, he will be allowed to use the web service.
2. IP address. Only users from certain IP addresses are allowed to access the web service.
3. MAC address. Only users from certain computers are allowed to access the web service.
It would be nice if you could also comment on my list. Like if their not the suggested way of user authentication.
Umm, ehow.com? The first two paragraphs don't really apply to machine-to-machine communication, rendering the 3rd paragraph -which builds on the first two- rather pointless. And the proposed solution -biometrics- obviously does not apply in this scenario.
Thank you Ulf, but looks like authenticating a company on the web these days is done primarily via SSL, it's just that client SSL didn't catch up. Using RSA tokens for user authentication seems to be on the rise as we can see at Banks mull the attack on RSA tokens.
William Butler Yeats: All life is a preparation for something that probably will never happen. Unless you make it happen.
Thanks for the link, Dan! I am not familiar with SAML and haven't tried using it before but I will research it. I'm already using HTTPS. Problem is I also have to authorize the user. That is why I also have to get their username and password to check for their roles.
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop