VocaDB/VocaDB-App

User account and authentication features

Opened this issue · 1 comments

I have never worked on authentication directly by myself, especially from mobile to a backend server. So I need to do some research to make sure that it not only works, but is secure too.

I think it would be enough if you ask username/password, get authentication cookie and use that to access user data.

  1. Request username + password from user.
  2. POST https://vocadb.net/User/Login (username + password in body). No need to save username + password.
  3. Save cookie named .ASPXFORMSAUTH from result.
  4. Pass that cookie to all requests to website.
  5. Should now be able to access user data.

No need for fancy schmancy Google/Twitter integration at this point. This should be secure enough because the authentication token expires eventually and password is not saved on device.
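Steps 3 and 4 of the flow above, as an added example that is not part of the original comment or the project's code: it picks the `.ASPXFORMSAUTH` cookie out of a login response's `Set-Cookie` headers and only attaches it to HTTPS requests for `vocadb.net` while it is unexpired. The function names, the sample headers and the token value are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

AUTH_COOKIE = ".ASPXFORMSAUTH"  # cookie name from step 3
SITE_HOST = "vocadb.net"        # host from step 2

# Constructed Set-Cookie headers standing in for a login response (not a real token).
SAMPLE_HEADERS = [
    "lang=en; path=/",
    ".ASPXFORMSAUTH=0A1B2C3DDEADBEEF; expires=Fri, 01 Jan 2027 00:00:00 GMT; "
    "path=/; secure; HttpOnly",
]


def extract_auth_cookie(set_cookie_headers):
    """Return the auth cookie's value and attributes as a dict, or None if absent."""
    for header in set_cookie_headers:
        pair, *attrs = [part.strip() for part in header.split(";")]
        name, _, value = pair.partition("=")
        if name != AUTH_COOKIE or not value:
            continue  # skip unrelated cookies and empty values
        cookie = {"value": value, "expires": None, "secure": False, "httponly": False}
        for attr in attrs:
            key, _, val = attr.partition("=")
            key = key.strip().lower()
            if key == "expires":
                try:
                    cookie["expires"] = parsedate_to_datetime(val.strip())
                except (TypeError, ValueError):
                    pass  # unparseable date: treat as a session cookie
            elif key in ("secure", "httponly"):
                cookie[key] = True
        return cookie
    return None


def cookie_header_for(url, cookie, now=None):
    """Return the Cookie header value for url, or None if the token must not be sent."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(url)
    if cookie is None or parts.scheme != "https" or parts.hostname != SITE_HOST:
        return None  # never send the session token over plain HTTP or to other hosts
    if cookie["expires"] is not None and cookie["expires"] <= now:
        return None  # expired: the app has to ask the user to log in again
    return f"{AUTH_COOKIE}={cookie['value']}"
```

The saved cookie value is a bearer credential for as long as it is valid, so it belongs in the platform's secure storage rather than in plain preferences or logs.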