authentication interview questions
Top authentication frequently asked interview questions
What's the difference in web application? In short, please.
P.S. I see abbreviation "auth" a lot. Does it stands for auth-entication or for auth-orization? Or both?
Source: (StackOverflow)
I want to understand what token-based authentication means. I searched the internet but couldn't find anything understandable.
Source: (StackOverflow)
I am looking to authenticate a user from a client application while using the ASP.NET Web API. I have watched all the videos on the site and also read this forum post.
Putting the [Authorize] attribute correctly returns a 401 Unauthorized status. However, I need to know how to allow a user to log in to the API.
I want to provide user credentials from an Android application to the API, get the user logged in, and then have all subsequent API calls pre-authenticated.
Source: (StackOverflow)
Are there any existing user authentication libraries for node.js? In particular I'm looking for something that can do password authentication for a user (using a custom backend auth DB), and associate that user with a session.
Before I wrote an auth library, I figured I would see if folks knew of existing libraries. Couldn't find anything obvious via a google search.
-Shreyas
Source: (StackOverflow)
If I want to store the username and password to be used inside an Android application, what is the best way to do it? Is it through the preferences screen (but what if the user misses this?), or pop up a dialog box and ask the user for the credentials? If so, I do have to maintain state for the application. How would I do this?
Source: (StackOverflow)
Is it possible to log out user from a web site if he is using basic authentication?
Killing session is not enough, since, once user is authenticated, each request contains login info, so user is automatically logged in next time he access the site using the same credentials.
The only solution so far is to close browser, but that's not acceptable from the usability standpoint.
Source: (StackOverflow)
What does RESTful Authentication mean and how does it work? I can't find a good overview on Google. My only understanding is that you pass the session key (remeberal) in the URL, but this could be horribly wrong.
Source: (StackOverflow)
I'm wondering what the current approach is regarding user authentication for a web application making use of JSF 2.0 (and if any components do exist) and Java EE 6 core mechanisms (login/check permissions/logouts) with user information hold in a JPA entity. The Oracle Java EE tutorial is a bit sparse on this (only handles servlets).
This is without making use of a whole other framework, like Spring-Security (acegi), or Seam, but trying to stick hopefully with the new Java EE 6 platform (web profile) if possible.
Source: (StackOverflow)
I recently switched to syncing my repos to https:// in github (due to firewall issues) and it asks for a password every time. It used to be that I had an ssh cert and it was enough. Is there a way to bypass password in my case (using http/https)?
Source: (StackOverflow)
I cloned a git repository from my Github account to my PC.
I want to work with both my PC and laptop, but with one Github account.
When I try to push to or pull from Github using my PC, it requires username and password, but not when using the laptop!
I don't want to type my username and password every time I interact with origin.
What I am missing here?
Source: (StackOverflow)
What is the correct way to log out of HTTP authentication protected folder?
There are workarounds that can achieve this, but they are potentially dangerous because they can be buggy or don't work in certain situations / browsers. That is why I am looking for correct and clean solution.
Source: (StackOverflow)
Form-based authentication for websites
We believe that Stack Overflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems. "Form based authentication for websites" should be a fine topic for such an experiment.
It should include topics such as:
- How to log in
- How to remain logged in
- How to store passwords
- Using secret questions
- Forgotten username/password functionality
- OpenID
- "Remember me" checkbox
- Browser autocompletion of usernames and passwords
- Secret URLs (public URL protected by digest)
- Checking password strength
- E-mail validation
- and much more about form based authentication ...
It should not include things like:
- roles and authorization
- HTTP basic authentication
Please help us by
- Suggesting subtopics
- Submitting good articles about this subject
- Editing the official answer
Source: (StackOverflow)
I want to set up the user name & password for my mongoDB. so that any remote access will ask for the user name & password. Is there a way to do it? I tried the tutorial from the mongodb site and did following:
use admin
db.addUser('theadmin', '12345');
db.auth('theadmin','12345');
After that, I exit and run mongo again. And I don't need password to access it. Even I connect to the mongodb remotely, I am not prompted for user name & password.
Thanks.. I got it now.
Here is what I document:
1) In mongo command line: (let say, set administrator)
> use admin;
> db.addUser('admin','123456');
2) Shutdown Server and exit
> db.shutdownServer();
> exit
3) Restart Mongod with --auth
$ sudo ./mongodb/bin/mongod --auth --dbpath /mnt/db/
4) Run mongo again in 2 ways:
i) run mongo first then login.
$ ./mongodb/bin/mongo localhost:27017
> use admin
> db.auth('admin','123456');
ii) run & login to mongo in command line.
$ ./mongodb/bin/mongo localhost:27017/admin -u admin-p 123456
* The username & password will work the same for mongodump and mongoexport.
Source: (StackOverflow)
I am trying to create a basic auth through browser, but I can't really get there.
If this script won't be here the browser auth will take over, but I want to tell the browser that the user is about to make the authentication.
The address should be something like:
http://username:password@server.in.local/
I have a form:
<form name="cookieform" id="login" method="post">
<input type="text" name="username" id="username" class="text"/>
<input type="password" name="password" id="password" class="text"/>
<input type="submit" name="sub" value="Submit" class="page"/>
</form>
And a script:
var username = $("input#username").val();
var password = $("input#password").val();
function make_base_auth(user, password) {
var tok = user + ':' + pass;
var hash = Base64.encode(tok);
return "Basic " + hash;
}
$.ajax
({
type: "GET",
url: "index1.php",
dataType: 'json',
async: false,
data: '{"username": "' + username + '", "password" : "' + password + '"}',
success: function (){
alert('Thanks for your comment!');
}
});
Source: (StackOverflow)
In ASP.NET MVC, you can mark up a controller method with AuthorizeAttribute, like this:
[Authorize(Roles = "CanDeleteTags")]
public void Delete(string tagName)
{
// ...
}
This means that, if the currently logged-in user is not in the "CanDeleteTags" role, the controller method will never be called.
Unfortunately, for failures, AuthorizeAttribute returns HttpUnauthorizedResult, which always returns HTTP status code 401. This causes a redirection to the login page.
If the user isn't logged in, this makes perfect sense. However, if the user is already logged in, but isn't in the required role, it's confusing to send them back to the login page.
It seems that AuthorizeAttribute conflates authentication and authorization.
This seems like a bit of an oversight in ASP.NET MVC, or am I missing something?
I've had to cook up a DemandRoleAttribute that separates the two. When the user isn't authenticated, it returns HTTP 401, sending them to the login page. When the user is logged in, but isn't in the required role, it creates a NotAuthorizedResult instead. Currently this redirects to an error page.
Surely I didn't have to do this?
Source: (StackOverflow)