MARS-Curiosity: “Authentication and Authorization” video
In this video I will cover the basics of implementing authentication and authorization with the MARS-Curiosity library.
Since March 2016, I’ve added JWT support to MARS-Curiosity, and this significantly impacts the authentication/authorization area of the library. Some topics may deserve their own dedicated sessions, but with this video you should get a glimpse of the whole picture.
Here is a link to the slides I’ve used in this video.
Enjoy 🙂
Andrea
Hi Andrea.
Great implementation and examples on MARS. The video tutorials have been of much help; I appreciate your great effort.
I have only one question: is there any possibility to implement “https” requests easily on MARS, to avoid my username and password being intercepted over the network?
Regards
Hi Fredy,
I tend to add an Apache instance in front of my application server. Making Apache act as a proxy to your application enables you to add SSL directly on the Apache node (it is simple, very well documented and secure). It is the same technique described here (https://www.embarcadero.com/home/development-and-deployment-of-delphi-multi-tier-applications) by Marco Cantù (with respect to DataSnap services, but it is exactly the same topic).
I will cover the deployment options for MARS-Curiosity in some blog posts/videos in the future (near future, I hope).
Bye
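
An Apache virtual host for the reverse-proxy setup described in the reply above, added here as an example (not configuration from the post or from the MARS project). The hostname, certificate paths and the backend address 127.0.0.1:8080 are assumptions to adapt to your deployment:

```apache
# Requires mod_ssl, mod_proxy, mod_proxy_http, mod_headers and mod_alias.
# api.example.com, the certificate paths and the backend port are placeholders.

<VirtualHost *:80>
    ServerName api.example.com
    # Never serve the API in clear text: send every request to HTTPS.
    Redirect permanent / https://api.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName api.example.com

    # TLS terminates here; the application server itself stays plain HTTP.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/api.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/api.example.com.key
    # Disable legacy protocol versions.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Tell browsers to keep using HTTPS for this host.
    Header always set Strict-Transport-Security "max-age=31536000"

    # Act as a reverse proxy only, never as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    # Let the backend know the original request arrived over TLS.
    RequestHeader set X-Forwarded-Proto "https"

    # Forward everything to the application server on the loopback interface.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

The backend should listen only on 127.0.0.1 (or be firewalled) so that the plain-HTTP port cannot be reached directly from the network. Clients should be configured with the https:// URL, because the port 80 redirect is answered only after a request has already been sent in clear text.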
Thanks Andrea, I’ll check. I’ve been testing the demos with FireDAC and they work well on mobile devices. I like the deployment with tokens and the authorization mechanism.
Hi Andrea,
Thanks for all the brilliant work you’re doing. It’s amazing.
Concerning the authorization token mechanism you’re describing in your video, how do you create users/passwords/roles?
Thanks
Hi Jean,
you can override the TMARSTokenResource.Authenticate method (see the example implementation provided at https://github.com/andrea-magni/MARS/blob/master/Source/MARS.Core.Token.Resource.pas ) and implement your specific authentication behavior.
For example you may want to perform a query against a DB Table, check if user/password are correct and read assigned Roles from the DB.
Simply set Token.UserName and Token.Roles from within your TTokenResource.Authenticate override of TMARSTokenResource.Authenticate.
If you encounter any problem, just let me know and I will try to help.
Sincerely,
Andrea
Hi Andrea,
Thanks a lot. I had it figured out in the meantime. I am decoding all your demos and it is really impressive. I know you probably have a lot of work to do, but I am waiting (like many others, I’m sure) for your next tutorials.
Have a nice day,
Jean