INFO 30005
Web Information Technologies
Authentication with
includes material by and Ronal Singh


This Lecture
• … complements the Passport tutorial
• mimics project transition from D2 -> D3
• Concepts
• Authentication, Authorization, Passwords, Sessions
Demo: add Passport to your project
1. mockup app with hard-coded user data
2. store user data in database
3. add Passport for authentication
4. role-based authentication

• Authentication and Authorization
• Securing Routes
• Protecting Passwords
• Sessions

https://canvas.lms.unimelb.edu.au/courses/128408/pages/passport-demo-from-lecture?module_item_id=3772479/

Authentication
Who is the user?
How can we be certain?
What are they authorized to do?

Authentication
Authentication strategies, e.g.
Local:
• ‘local’ strategy requires a database of users
• each has a username and password
• check if credentials match a user in the database
• store user in a session for subsequent requests
Role-based authentication:
• quite common on the web, e.g. ‘staff and customers’
• different user roles or types see different pages
• add a ‘role’ to each user in the database
• direct different roles to different pages
• extra authentication of routes
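
The role-based steps above (add a ‘role’ to each user, direct roles to different pages, extra authentication of routes) can be sketched as Express-style middleware. This is an added example, not code from the lecture demo: it assumes Passport has set `req.isAuthenticated()` and `req.user`, and the role names, paths and the `simulate` helper are hypothetical.

```javascript
// Landing page per role (paths are hypothetical).
const HOME_BY_ROLE = { staff: '/staff/dashboard', customer: '/customer/home' };

// Authentication: only logged-in users pass; everyone else goes to the login form.
function isAuthenticated(req, res, next) {
  if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) return next();
  return res.redirect('/login');
}

// Authorization: the logged-in user's role must be in the allowed list.
// A wrong or missing role gets 403, so the protected handler never runs.
function hasRole(...allowed) {
  return (req, res, next) => {
    const role = req.user && req.user.role;
    if (typeof role === 'string' && allowed.includes(role)) return next();
    return res.status(403).send('Forbidden');
  };
}

// After login, direct each role to its own page; unknown roles go back to login.
function redirectByRole(req, res) {
  const role = req.user && req.user.role;
  const known = typeof role === 'string' &&
    Object.prototype.hasOwnProperty.call(HOME_BY_ROLE, role);
  return res.redirect(known ? HOME_BY_ROLE[role] : '/login');
}

// Runs a middleware chain against constructed mock req/res objects (no Express
// needed) and returns what the client would receive.
function simulate(chain, user) {
  const req = { user, isAuthenticated: () => Boolean(user) };
  const out = { status: 200, redirect: null, body: null };
  const res = {
    status(code) { out.status = code; return res; },
    send(body) { out.body = body; return res; },
    redirect(path) { out.status = 302; out.redirect = path; return res; },
  };
  let i = 0;
  const next = () => { const fn = chain[i++]; if (fn) fn(req, res, next); };
  next();
  return out;
}

// Constructed route: a staff-only page, tried by three different visitors.
const staffPage = [isAuthenticated, hasRole('staff'), (req, res) => res.send('staff page')];
console.log(simulate(staffPage, undefined));
console.log(simulate(staffPage, { username: 'c1', role: 'customer' }));
console.log(simulate(staffPage, { username: 's1', role: 'staff' }));
```

In an Express app the same functions would be listed before the route handler, e.g. `app.get('/staff/dashboard', isAuthenticated, hasRole('staff'), handler)`.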

Securing Routes

Protect Passwords
What if an intruder sees our database?
Use bcrypt to hash the password

Hashed passwords
User enters password

• HTTP is stateless by default
• Add ‘express-session’ to simulate a session

User asks for web page
Now route is protected
login html
Phase 1: auth this user
Phase 2: remainder of session

add Passport to your project
1. mockup app with hard-coded user data
2. store user data in database
3. add Passport for authentication
4. role-based authentication
code to download (zip files)
1. passport-demo-start
2. passport-demo-database
3. passport-demo-passport
4. passport-with-roles

Initial mockup

Connect to Database
• Install and set up mongoose.js
• Store user data in MongoDB
• Hard-code a user id in app.js
in app.js, change:
• get user from db before rendering

Not secured
• Routes are not secured yet
• Anyone can navigate to this page
• We need to authenticate the user
• and Authorize the user to access this page

Add Passport
• Install and configure Passport
• Install and configure ‘local’ strategy
• Hash user passwords in database
• Set up login form and routes
• Secure existing routes

Role-based authentication
• For apps with >1 class of user
• Add ‘role’ to users
• Redirect
• Authenticate


Authentication with
• Authentication and Authorization
• Securing Routes
• Protecting Passwords
• Sessions
