Hello, I need to develop an application which needs to authenticate user by verifying login name/password for both web access and api. I need the same controller to cater to both web and api. I can put the before_filter for the controller to make sure that user is logged-in and user_id is in session. But how do I design the controller that if the request comes as a rest web service request then before filter should not check session for logged user but should authenticate with login/password passed as parameters with request and then should go ahead whichever way the request came to controller. I would really appreciate any code samples/links to sites which explain how to do that. Thanks. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/2c8f9d03c856c947947561f7eac884a0%40ruby-forum.com. For more options, visit https://groups.google.com/groups/opt_out.
On Nov 21, 2013, at 4:12 PM, renu mehta <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> Hello, > > I need to develop an application which needs to authenticate user by > verifying login name/password for both web access and api. I need the > same controller to cater to both web and api. I can put the > before_filter for the controller to make sure that user is logged-in and > user_id is in session. But how do I design the controller that if the > request comes as a rest web service request then before filter should > not check session for logged user but should authenticate with > login/password passed as parameters with request and then should go > ahead whichever way the request came to controller. > > I would really appreciate any code samples/links to sites which explain > how to do that. > > Thanks.So I haven’t personally implemented such a thing, but I’ve used such things. AWS API requests do this thing where you establish a connection using the two keys (access and secret) and get a token to use for the rest of your API accesses (I’m pretty sure this times out eventually). I’m sure you could work something similar to that using the user/pw? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/D8C1B9A8-83A6-4BEE-8D92-C0231F08A806%40gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Basically, I want to know how to implement different authentication checks for different request paths - from browser or from api. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/d4f63fa7d7a415789385b258b3a17957%40ruby-forum.com. For more options, visit https://groups.google.com/groups/opt_out.