WebAuth: Writing a Program to Check Authentication
Summary: Use this guide to help you write a program to check for UCInetID Authentication.
The current name of the server is 'login.uci.edu'.
Things to consider before WebAuthing an application:
- Who will be authorized?
- Where will the applications be accessed from?
- What happens if a user logs out/times out while in your application?
Things to decide before WebAuthing an application:
- The acceptable age and idle times allowed for a WebAuth session
- Whether to cache the authentication info in a local session
Things to make sure not to do while WebAuthing an application:
- Parse the return in a way that will break if the order of lines changes or new fields are returned.
- Make it possible for a loop to occur that will hit the WebAuth server with hundreds of webauth_checks a second.
The steps that need to be followed for a program that checks authentication are as follows:
- Get value of ucinetid_auth cookie or GET variable if either exists
- Send HTTP GET with the value of 'webauth_check?ucinetid_auth=UCINETID_AUTH'
(with optional '&return_xml=true') to the authentication host
- Parse the response
- Check to make sure there is a value for the UCInetID
- Check value of auth_fail if there is no UCInetID and the reason for failure matters
- Check to make sure the auth_host value matches the IP number of the browser currently accessing the program
- Check the times of the login to guess at validity:
- age_in_seconds for the overall age of the login
- max_idle_time for the amount of time between checks
- Check any local authorization
- Grant access to any materials
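The steps above, as an added Python example that is not code from the UCI WebAuth page: it builds the webauth_check URL, parses a constructed response without depending on line order, and applies the UCInetID, auth_fail, auth_host, age and idle checks. The key=value line format, the field name 'ucinetid', the HTTPS URL layout and the last_check timestamp an application would keep in its local session are assumptions; local authorization and the HTTP request itself are left to the application.

```python
import time
from urllib.parse import urlencode

# Constructed sample response. ASSUMPTION: webauth_check returns one
# key=value pair per line; the real field layout is not shown in the guide.
SAMPLE_RESPONSE = """ucinetid=panteater
auth_host=128.200.1.1
age_in_seconds=120
max_idle_time=1800
auth_fail=
"""

def build_check_url(ucinetid_auth, host="login.uci.edu", return_xml=False):
    """Build the GET URL for webauth_check (HTTPS scheme is an assumption)."""
    params = {"ucinetid_auth": ucinetid_auth}
    if return_xml:
        params["return_xml"] = "true"
    return f"https://{host}/webauth_check?{urlencode(params)}"

def parse_response(text):
    """Parse the response into a dict, ignoring line order and keeping any
    fields this code does not know about, so new fields cannot break it."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def evaluate(fields, client_ip, max_age, max_idle, now=None, last_check=None):
    """Apply the guide's checks; returns (granted, ucinetid_or_reason).
    max_age / max_idle are the application's own policy in seconds; last_check
    is the hypothetical time of the previous check kept in the local session."""
    now = time.time() if now is None else now
    if not fields.get("ucinetid"):
        return False, "auth_fail=" + (fields.get("auth_fail") or "unknown")
    if fields.get("auth_host") != client_ip:
        return False, "auth_host mismatch"
    try:
        age = int(fields.get("age_in_seconds", ""))
        server_idle = int(fields.get("max_idle_time", ""))
    except ValueError:
        return False, "malformed time fields"
    if age > max_age:
        return False, "session too old"
    # Enforce the stricter of the server's and the application's idle limits.
    if last_check is not None and now - last_check > min(max_idle, server_idle):
        return False, "idle too long"
    return True, fields["ucinetid"]
```

Cache the granted result in the local session and re-run the check only when the idle limit is approaching, so a page with many requests never turns into a loop of webauth_checks against the server.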
Here is a list of all the values returned by webauth_check along with a list of error code meanings.
If you find it useful, here is a flowchart of the web authentication procedure.