What is User Authentication? - PowerPoint PPT Presentation




SLIDE 2

What is User Authentication?


SLIDE 4

User Authentication

  • the process of validating a user's credentials against what is saved in the database
  • Does the password match what is saved in the database? (What is saved should be a salted password hash, never the password itself.)
  • Basically, are you who you say you are?

SLIDE 5

User Authorization

  • the process of determining if a user has access to a certain resource
  • Does the user have admin rights?

SLIDE 6

Basic Authentication Flow

  • User enters their login credentials
  • The server queries the user's info in the database
  • If the entered credentials match the saved credentials in the database, the request is processed
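The three steps above, as an added worked example (not code from the deck): the "database" is a constructed in-memory user table holding a salt and a PBKDF2 digest per user, and the comparison in step 3 is done against that digest, not against a stored password. The names `hash_password`, `build_user_table`, `authenticate` and `login`, the iteration count and the sample user are all assumptions for this illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# OWASP's 2023 guidance for PBKDF2-HMAC-SHA256; bcrypt, scrypt or Argon2 are equally good choices.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). This pair is what the user table stores, not the password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def build_user_table(plaintext_users: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """Stand-in for the database: username -> (salt, digest)."""
    return {name: hash_password(pw) for name, pw in plaintext_users.items()}


# Constructed sample data; in a real system this table lives in the database.
USER_TABLE = build_user_table({"alice": "correct horse battery staple"})

# A dummy record so a lookup miss still costs one hash computation (see authenticate()).
_DUMMY_SALT, _DUMMY_DIGEST = hash_password("unused-dummy-password")


def authenticate(username: str, password: str,
                 table: Dict[str, Tuple[bytes, bytes]] = USER_TABLE) -> bool:
    """Steps 2 and 3 of the flow: look the user up, then compare what was entered
    with what is saved. Returns True only if the credentials match."""
    record = table.get(username)
    if record is None:
        # Hash anyway, so an attacker cannot use response time to learn which usernames exist.
        hash_password(password, _DUMMY_SALT)
        return False
    salt, stored_digest = record
    _, candidate_digest = hash_password(password, salt)
    # Constant-time comparison: a plain == can leak how many leading bytes matched.
    return hmac.compare_digest(candidate_digest, stored_digest)


def login(username: str, password: str) -> Tuple[int, str]:
    """Step 3, second half: process the request only when the check passed."""
    if authenticate(username, password):
        return 200, f"welcome {username}"
    # Same message for an unknown user and a wrong password: do not reveal which one failed.
    return 401, "invalid username or password"
```

The two details worth copying are the dummy hash on a lookup miss and the single failure message: together they keep the login endpoint from doubling as a username enumeration oracle.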


SLIDE 8

Stateful Protocol

…a protocol that requires keeping of the internal state on the server is known as a stateful protocol. (Wikipedia)

SLIDE 9

Stateless Protocol

A stateless protocol does not require the server to retain session information or status about each communications partner for the duration of multiple requests. (Wikipedia)


SLIDE 11

Cookie Based Authentication

  • is stateful
  • session is kept both on server and client side: the server holds the session record, the client holds only its id
  • active session is tracked in database
  • cookie on client-side saves the session id

SLIDE 12

Example

  • User submits login credentials
  • Server verifies the credentials
  • Server creates a session with a unique ID
  • Server passes the session ID in a cookie, which is saved in the browser
  • The ID in the cookie is verified against the server's session table for all subsequent requests
  • Session is destroyed on the server when the client logs out of the app
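The session flow above, as an added example that is not part of the deck: a server-side `SessionStore` stands in for the "active session tracked in database", the cookie carries nothing but a random id, and the `demo()` function walks through a valid request, a guessed id, an expired session and a logout. The class and function names, the 30-minute lifetime and the cookie attributes are assumptions for this illustration; the credential check is taken as already done.

```python
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

SESSION_TTL_SECONDS = 30 * 60


class SessionStore:
    """Server-side session table: stands in for the 'active session tracked in database'.
    It maps a random session id to the user it belongs to and when it expires."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._sessions: Dict[str, dict] = {}
        self._clock = clock  # injectable so expiry can be tested without sleeping

    def create(self, username: str) -> str:
        # 32 random bytes from the OS CSPRNG: the id must be unguessable, because
        # whoever presents it *is* the user as far as the server is concerned.
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = {"user": username,
                                      "expires": self._clock() + SESSION_TTL_SECONDS}
        return session_id

    def lookup(self, session_id: str) -> Optional[str]:
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        if self._clock() >= entry["expires"]:
            del self._sessions[session_id]  # timed out: drop the record
            return None
        return entry["user"]

    def destroy(self, session_id: str) -> None:
        """Logout: removing the server-side record invalidates the cookie immediately."""
        self._sessions.pop(session_id, None)


def set_cookie_header(session_id: str) -> str:
    """Value for the Set-Cookie response header after a successful login.
    HttpOnly keeps page scripts from reading it, Secure keeps it off plain HTTP,
    SameSite=Lax stops most cross-site request forgery."""
    return f"sid={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Minimal parser for the Cookie request header ("a=1; b=2")."""
    cookies: Dict[str, str] = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    return cookies


def handle_request(store: SessionStore, cookie_header: str) -> Tuple[int, str]:
    """Every subsequent request: the id in the cookie is checked against the server table."""
    session_id = parse_cookie_header(cookie_header).get("sid")
    user = store.lookup(session_id) if session_id else None
    if user is None:
        return 401, "not authenticated"
    return 200, f"hello {user}"


def demo() -> Tuple[Tuple[int, str], Tuple[int, str], Tuple[int, str], Tuple[int, str]]:
    """Walk the slide's example with a fixed clock (constructed data, no real users)."""
    now = [1_000_000.0]
    store = SessionStore(clock=lambda: now[0])
    sid = store.create("alice")                        # credentials were already verified
    ok = handle_request(store, f"sid={sid}")           # valid cookie
    forged = handle_request(store, "sid=" + "A" * 43)  # guessed id: not in the table
    now[0] += SESSION_TTL_SECONDS + 1
    expired = handle_request(store, f"sid={sid}")      # timed out on the server
    sid2 = store.create("alice")
    store.destroy(sid2)                                # logout
    after_logout = handle_request(store, f"sid={sid2}")
    return ok, forged, expired, after_logout
```

Because the server owns the record, logout and timeout take effect on the very next request; that is the practical payoff of the stateful design, paid for with a lookup per request.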

SLIDE 13

Token Based Authentication

  • is stateless
  • the server does not keep track of which users are logged in or which tokens have been issued (so it cannot revoke a token before it expires, which is why token lifetimes are kept short)
  • every request to the server is accompanied with a token

SLIDE 14

Example

  • User submits login credentials
  • Server verifies and returns a signed token
  • Token is stored client-side, typically local storage (any script running on the page can read local storage, so an XSS bug exposes the token; an HttpOnly cookie is the safer place for it)
  • Subsequent requests include the token in an additional Authorization header
  • Server verifies the token's signature, decodes it and, if valid, processes the request
  • Token is destroyed on the client side when the user logs out
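The token flow above, as an added example that is not from the deck: `issue_token` returns a payload signed with HMAC-SHA256, `verify_token` checks the signature before it parses anything and then checks expiry, and `forge_subject` shows what an attacker without the key gets when they edit the payload. The format (`<base64url JSON>.<base64url HMAC>`), the function names, the 15-minute lifetime and the demo key are assumptions for this illustration; the credential check is taken as already done.

```python
import base64
import hashlib
import hmac
import json
from typing import Dict, Optional, Tuple

# Constructed demo key. In practice: at least 32 random bytes from a secret store,
# never checked into source, and rotated.
SIGNING_KEY = b"constructed-demo-key-do-not-use-in-production"
TOKEN_TTL_SECONDS = 15 * 60


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, now: float, key: bytes = SIGNING_KEY) -> str:
    """After the credential check: return '<base64url payload>.<base64url HMAC>'.
    The server stores nothing; everything it needs later is inside the token."""
    payload = {"sub": username, "iat": int(now), "exp": int(now) + TOKEN_TTL_SECONDS}
    body = _b64url_encode(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode("utf-8"))
    signature = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
    return f"{body}.{_b64url_encode(signature)}"


def verify_token(token: str, now: float, key: bytes = SIGNING_KEY) -> Optional[dict]:
    """Return the payload if the signature is ours and the token has not expired, else None.
    The signature is checked *before* the payload is parsed: untrusted bytes are not
    interpreted until we know they came from us."""
    try:
        body, signature_b64 = token.split(".")
        expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(signature_b64)):
            return None
        payload = json.loads(_b64url_decode(body))
    except ValueError:  # wrong number of parts, bad base64, bad JSON, non-ASCII input
        return None
    if not isinstance(payload, dict) or payload.get("exp", 0) <= now:
        return None
    return payload


def handle_request(headers: Dict[str, str], now: float) -> Tuple[int, str]:
    """Subsequent requests carry 'Authorization: Bearer <token>'; nothing else
    identifies the user and there is no session table to consult."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "missing token"
    payload = verify_token(auth[len("Bearer "):], now)
    if payload is None:
        return 401, "invalid or expired token"
    return 200, f"hello {payload['sub']}"


def forge_subject(token: str, new_subject: str) -> str:
    """What an attacker who edits the payload but lacks the key ends up with:
    a token whose signature no longer matches its body."""
    body, signature_b64 = token.split(".")
    payload = json.loads(_b64url_decode(body))
    payload["sub"] = new_subject
    new_body = _b64url_encode(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode("utf-8"))
    return f"{new_body}.{signature_b64}"
```

Note what "token is destroyed on the client side when the user logs out" means here: deleting the string from local storage stops this client from using it, but `verify_token` would still accept a copy until `exp` passes. Revoking earlier requires the server to keep a denylist of token ids, which is exactly the state the design set out to avoid; short lifetimes are the usual compromise.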