MARS-Curiosity: “Authentication and Authorization” video

In this video I will cover the basics to implement authentication and authorization with MARS-Curiosity library.

Since March 2016, I’ve added JWT support to MARS-Curiosity and this impacts significantly the authentication/authorization area of the library. Some topics may be good for some other specific sessions but with this video you should get a glance at the whole picture.

Here is a link to the slides I’ve used in this video.

Enjoy 🙂

Andrea

6 thoughts on “MARS-Curiosity: “Authentication and Authorization” video

  1. Fredy Caballero says:

    Hi Andrea.

    Great implementation and examples on MARS, video tutorials have been of much help I appreciate your great effort.

    I have only one question, is there any possibility to implement “https” requests easily on MARS?. To avoid intercepting my username and password over the network.

    Regards

    1. Andrea Magni says:

      Hi Fredy,
      I tend to add an Apache Instance in front of my application server. Making Apache act like a proxy to your application enables you to add SSL directly on the Apache node (it is simple, very well documented and secure). It is the same technique described here (https://www.embarcadero.com/home/development-and-deployment-of-delphi-multi-tier-applications) by Marco Cantù (with respect to DataSnap services but it is exactly the same topic).

      I will cover the deployment options for MARS-Curiosity in some blog posts/videos in the future (near future, I hope).
      Bye

      1. Fredy Caballero says:

        Thanks Andrea, I’ll check. I’ve been testing the demos with Firedac and works well on mobile devices, I like deployment with tokens and authorization mechanism.

  2. Jean Vandromme says:

    Hi Andrea,

    Thanks for all the brilliant work you’re doing. It’s amazing.
    Concerning the authorization token mechanism you’re describing in your video, how do you create users/password/roles ?

    Thanks

    1. andrea.magni says:

      Hi Jean,
      you can override the TMARSTokenResource.Authenticate (see example implementation provided https://github.com/andrea-magni/MARS/blob/master/Source/MARS.Core.Token.Resource.pas ) method and implement your specific authentication behavior.
      For example you may want to perform a query against a DB Table, check if user/password are correct and read assigned Roles from the DB.
      Simply set Token.UserName and Token.Roles from within your TTokenResource.Authenticate override of TMARSTokenResource.Authenticate.

      If you encounter any problem, just let me know and I will try to help.

      Sincerely,
      Andrea

      1. Jean Vandromme says:

        Hi Andrea,

        Thanks a lot. I had it figured out in the time between. I am decoding all your demos and it is really impressive. I know you have probably a lot of work to do but I am waiting (like many others, I’m sure) your next tutorials.

        Have a nice day,

        Jean

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.