INFO 30005
Web Information Technologies
Authentication with
includes material by and Ronal Singh
Copyright By PowCoder代写 加微信 powcoder
This Lecture
• … complements the Passport tutorial • mimics project transition from D2 -> D3
• Concepts
• Authentication, Authorization, Passwords, Sessions
Demo: add Passport to your project
1. mockup app with hard-coded user data 2. store user data in database
3. add Passport for authentication
4. role-based authentication
• Authentication and Authorization
• Securing Routes
• Protecting Passwords • Sessions
https://canvas.lms.unimelb.edu.au/courses/128408/pages/passport-demo-from- lecture?module_item_id=3772479/
Authentication
Who is the user?
How can we be certain?
What are they authorized to do?
Authentication
Authentication strategies, e.g. Local: ‘local’ strategy requires a database of users
each has a username and password
check if credentials match a user in the database store user in a session for subsequent requests
Role-based authentication:
quite common on the web, e.g. ‘staff and customers’ different user roles or types see different pages
add a ‘role’ to each user in the database
direct different roles to different pages
extra authentication of routes
Securing Routes
Protect Passwords
What if an intruder sees our database? Use bcrypt to hash the password
Hashed passwords
User enters password
User enters password
• HTTP is stateless by default
• Add ‘express-sessions’ to simulate session
User asks for web page
Now route is protected
login html
Phase 1: auth this user
Phase 2: remainder of session
add Passport to your project
1. mockup app with hard-coded user data 2. store user data in database
3. add Passport for authentication
4. role-based authentication
code to download (zip files)
1. passport-demo-start
2. passport-demo-database 3. passport-demo-passport 4. passport-with-roles
Initial mockup
Connect to Database
Install and set up mongoose.js Store user data in MongoDB Hard-code a user id in app.js in app.js, change:
• get user from db before rendering
Not secured
• Routes are not secured yet
• Anyone can navigate to this page
• We need to authenticate the user
• and Authorize the user to access this page
Add Passport
• Install and configure Passport
• Installandconfigure‘local’strategy
• Hash user passwords in database
• Set up login form and routes
• Secureexistingroutes
Role-based authentication
• For apps with >1 class of user
• Add ‘role’ to users • Redirect
• Authenticate
• Redirect
• Authenticate
Authentication with
• Authentication and Authorization
• Securing Routes
• Protecting Passwords
• Sessions
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com