Why hello SOers. My question today is about authentication endpoints and the architecture surrounding them.

Most web frameworks and applications I've encountered seem to have a single URL or endpoint to deal with 'authentication' - e.g. processing authentication tokens such as usernames and passwords, and doing something with them.

It seems to me like this causes a lot of follow-on work, like for example if you hit an auth-required URL, the system needs to pass that URL to the authentication endpoint in order to redirect you back there after authentication and authorisation.

Why not simply listen for authentication tokens on EVERY URL endpoint? With a modern MVC framework utilising a PageController or FrontController pattern this should be simple.

Am I missing the downsides of such an approach? Do some frameworks already utilise such a system? Opine me!

+1  A: 

Why not simply listen for authentication tokens on EVERY URL endpoint?

Ignoring the word end-point for a moment, that's what the out-of-the-box Microsoft Forms-based authentication does; in the config you specify the parts of the site you want to protect (like the "admin" folder, whatever), you can have as many of these as you like.

When the user hits anything covered by that (as long as IIS pipes it to the ASP.NET processor) they will need to be authenticated (if they aren't already).

I would imagine the ASP.NET MVC works in exactly the same way.

Not sure if that answers your question (?)

Adrian K
If I remember correctly, ASP.net uses a RETURN_URL parameter off a Login.aspx page on authentication. My point is why can I simply not POST my credentials to ANY .aspx page and have it authenticate me without redirection?
Keith Humm
Well I guess you could, but why would you want to? The FormsAuth module does this for you, so where's the extra work? Building authentication into every page - that would add extra work, if not then certainly extra complexity; and all you'd be saving is one redirection, right? If you think you can do it using a controller (in MVC) then give it a shot - no harm in trying :)
Adrian K
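
The flow discussed in this thread, as an added example that is not part of the original posts and is not ASP.NET's own code: a framework-neutral Python model in which a front-controller check runs on every request, credentials are handled by a single endpoint, and the return URL is accepted only when it points back into the same site. The names `gate`, `login`, `is_local_url`, the `/login` path, the `ReturnUrl` parameter spelling and the demo account are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import quote, urlsplit

PROTECTED_PREFIXES = ("/admin",)  # assumption: mirrors the "admin" folder in the answer
LOGIN_PATH = "/login"             # hypothetical single authentication endpoint
SALT = b"demo-salt"               # constructed demo value


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"alice": _hash("correct horse")}  # constructed demo account


def is_local_url(url):
    """Accept only same-site paths, so the return URL cannot leave the site."""
    if not url.startswith("/") or url.startswith(("//", "/\\")):
        return False
    parts = urlsplit(url)
    return not parts.scheme and not parts.netloc


def gate(path, session):
    """Front-controller check run for every request before the page handler."""
    protected = any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)
    if protected and "user" not in session:
        # Remember where the user was going so login can send them back.
        return 302, f"{LOGIN_PATH}?ReturnUrl={quote(path, safe='')}"
    return 200, path


def login(username, password, return_url, session):
    """The one endpoint that handles credentials, then sends the user back."""
    stored = USERS.get(username)
    supplied = _hash(password)  # hashed even for unknown users, to keep timing even
    if stored is None or not hmac.compare_digest(stored, supplied):
        return 401, LOGIN_PATH
    session["user"] = username
    # Fall back to the site root when the return URL is not a local path.
    return 302, return_url if is_local_url(return_url) else "/"
```

Keeping credential handling in `login` means the return-URL check and the password comparison live in one place, while `gate` stays a cheap session lookup on every other URL.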