There is an existing application that a user logs into. At a certain point within the existing user workflow the new application I am working on takes over for the existing application and some data from the current session needs to be shared. I was given an idea of digitally signing the data to ensure it is secure, but I am having trouble figuring out how I would implement this and how to share the session. The application I am working on is a rails app.
My question really contains two parts, if you have an idea for one and not the other, that's great:
1) Do you have an idea on how I would share the session between both applications?
2) Would you have an idea on how I would use public/private keys to encrypt the data I am sending?
You can use RubyCAS for manage sessions between applications. It's easy to use and you can integrate it with Devise.
https://github.com/rubycas/rubycas-client
https://github.com/nbudin/devise_cas_authenticatable
Related
I recently switched to a new company where my manager wants me to develop entirely new cloud based project in MVC. I have never worked on a project from the start and I think this is a good opportunity for me to lead.
However, I think the requirements of the clients are bit confusing.
Here is what he wants:
Client should be able to access the cloud hosted application from his network with single sign on. He wants to use his active directory for that.
There are different users in active directory, they will have different roles (I think we can handle this on database side. Create different roles and assign roles to users).
Client has to add vendor info in the application. But for this, system should send an email to vendor with the url of the cloud application. He wants user to login to the application using 2 Factor Authentication. So, send dummy password with url, and send OTP to his mobile number. Just like registering to any system.
Now my questions are:
Is it possible to have 2 different types of login mechanisms in the same application? SSO for client and 2FA for outside vendors?
If yes, could you please guide me in the right direction?
what things I need? Which framework, design pattern should I prefer?
How do I proceed ?
I have been working on iOS application for sometime, and I am using Core Data to manage the SQLite database for the application. The users of the application can update the data associated with their account using the application, but I would like to create a simple web form where users could update certain information asosciated with their account. Basically I would like a user to be able to access a web adress from their personal smartphone or computer, login, then update information asociated with the account stored on the iOS device. What are the possible solutions I could use to accomplish this?
Breaking down your question:
Currently you have an iOS app which uses a local SQLite DB to store data
You want to let users update information in this DB remotely (i.e, via a web site)
Unfortunately to do this you're going to need to make some significant changes to how your app works. This is because it's impractical - if not nearly impossible - to do this kind of thing and keep the database local to your device.
The standard way of achieving this would be to store your database remotely on a web server, and then have both your app and your web form interact with this server to retrieve and update data.
There are lots of different ways to do this. Fundamentally, you'll need a server running a database, and a web service to access it. You could implement this yourself, using something like MySQL or PostgreSQL, along with a language of your choosing (Ruby, PHP, Node, etc). Another option is to use one of several 'backend as a service' providers. These are companies that provide 'out of the box' backend functionality for mobile apps. Two popular providers are Parse (owned by Facebook) and Stackmob.
Whether you choose to do it yourself or use a backend provider will depend on how confident you are. It's not an especially hard or tricky thing to put together on your own, but there are several common pitfalls you're likely to encounter.
I'm planning to build a group of several Rails applications on Heroku, and I want to share accounts, user data, and maybe some other information between these applications and the "main" Rails app. What would be the easiest and most effective way of doing this?
I've heard that one way of doing this is to make all the applications share the same database, but I'm not sure if that's really the best solution in my case since I only need to share some information between these apps. Another thing I've considered is using the CAS protocol, but that only seems to handle authentication (I can't use it to get user's names and email addresses). Suggestions?
Here's how I'm considering doing this.
Create a master app with user authentication.
Have each sub-app do omni auth with the master app.
Then the master app will house all the user data, and the sub-app will get the authentication info necessary plus the user data. I haven't figured out how to make sure that new user data will be saved in the master app, but it seems like you would just send the user to the master app, then have them returned once they've entered the data.
Any suggesting from you Rails experts out there before I sink a week into doing it this way.
I am new to iOS app development and am interested in developing an app that needs to utilize existing technologies to sync app specific data across multiple i-devices (iPhone, iPad, Touch, etc.). As an example, the app can be installed on multiple devices. On one device, the user will initially create an account. Then in subsequent logins, the user may create a task list, and each task item may possibly include a captured photo image. On the user's second i-device, as he logs in, he would be able to see and access the list and images (locally). Can someone explain to me what technologies I can leverage on to implement such an app?
Specifically:
How do I set up and manage the user accounts? Do I Need a dedicated server and sql database set up for my entire user base? And what programming/scripting languages do I need to learn?
How about the mechanism of pushing and pulling app data from one device to another? Do I need some kind of cloud technologies (SaaS?) to handle the storage and transferring of the data?
Any specific open source or commercial products I can leverage on?
Thanks in advance.
Kenny
I personally have not have had a situation like this, but here is what I would recommend.
You will need to have a server set up with database software.
You will need to write an api for yourself based on HTTP POST (REST) or maybe you could write a SOAP service.
I would HIGHLY recommend purchasing an SSL cert. for your server that way you can send the username and password in your request and it will be encrypted automatically.
For the api, you have a whole selection of languages and databases at your disposal. I am personally biased towards asp net with an MSSQL server.
with your api you will need to write methods to authenticate the user, and then save and send your data.
In your app you will simply send web requests to the server (ASIHttpRequest maybe?) and you can receive JSON responses back, which you can then deserialize into workable objects and vice versa.
if you do use asp net, you can use the newtonsoft JSON library to convert your objects for sending and convert received objects.
I dont remember the name, but there also is a JSON library for obj-c that is usable on iPhone.
Use a SQL server and host a database of logins and passwords.
Then, from each device, create a connection to the server, and download the login information for the account.
Also, not to be rude but: Google it.
I am interested in deploying a Node.js along side my Rails application server. Just as a reference, I plan on using socket.IO to create a chat server, so users will be able to chat inside of my web application.
My current application uses Authlogic to authenticate users. I would like to ensure that only a user cannot read other users' messages, so I will need to authenticate the user session somehow. My Node.js will have access to my database, and I know Rails can store the sessions inside of the database, so I would like to use this feature to authenticate chat users. The problem is, I have no idea how to go about doing that. I'm not even sure what information is present in the session, and I do not know how I can use this information to authenticate a user.
Thanks in advance!
The rails session is tricky to use from other languages: it's just a serialised ruby object and pretty much the only documentation for the marshal format is the implementation/rubyspec.
However authlogic doesn't actually store anything in the session: it has a separate cookie (user_credentials by default, assuming your model is User)
The data in that cookie is "#{user.persistence_token}::#{user.id}", so you should be able to easily verify this from your js code