How to Write a Program to Check Authentication

The current name of the server is login.uci.edu

Things to consider before WebAuthing an application:

  • Who will be authorized?
  • Where will the applications be accessed from?
  • What happens if a user logs out/times out while in your application?

Things to decide before WebAuthing an application:

  • The acceptable age and idle times allowed for a WebAuth session
  • Whether to cache the authentication info in a local session

Things to make sure not to do while WebAuthing an application:

  • Parse the return in a way that will break if the order of lines changes or new fields are returned.
  • Make it possible for a loop to occur that will hit the WebAuth server with hundreds of webauth_checks a second.

The steps that need to be followed for a program that checks authentication are as follows:

  1. Get value of ucinetid_auth cookie or GET variable if either exists
  2. Send HTTP GET with the value of ‘webauth_check?ucinetid_auth=UCINETID_AUTH’ (with optional ‘&return_xml=true’) to the authentication host
  3. Parse the response
  4. Check to make sure there is a value for the UCInetID
  5. Check value of auth_fail if there is no UCInetID if the reason for failure matters
  6. Check to make sure the auth_host value matches the IP number of the browser currently accessing the program
  7. Check the times of the login to guess at validity:
     • age_in_seconds for the overall age of the login
     • max_idle_time for the amount of time between checks
  8. Check any local authorization
  9. Grant access to any materials
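As an added example (not code from the original page or from the WebAuth service itself), the following Python sketch carries the steps above through in one place: building the check URL, parsing the response in a way that does not break if lines are reordered or new fields appear, and applying the UCInetID, auth_fail, auth_host, age and idle-time checks. The name=value-per-line layout of the plain-text response, the HTTPS scheme and path under login.uci.edu, and the sample responses are all assumptions constructed for the example.

```python
import urllib.parse
from typing import Dict, Tuple

AUTH_HOST = "login.uci.edu"  # current server name given on the page


def build_check_url(ucinetid_auth: str, return_xml: bool = False) -> str:
    """Build the webauth_check URL. The cookie value is URL-encoded so that
    unexpected characters in it cannot alter the query string. HTTPS and the
    path sitting directly under the host are assumptions of this example."""
    query = {"ucinetid_auth": ucinetid_auth}
    if return_xml:
        query["return_xml"] = "true"
    return f"https://{AUTH_HOST}/webauth_check?" + urllib.parse.urlencode(query)


def parse_webauth_response(body: str) -> Dict[str, str]:
    """Parse the plain-text response into a dict. Line order is irrelevant
    and unknown fields are kept rather than causing an error (assumed
    name=value layout)."""
    fields: Dict[str, str] = {}
    for line in body.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def validate_webauth(fields: Dict[str, str], client_ip: str,
                     max_age: int, max_idle: int) -> Tuple[bool, str]:
    """Apply the page's checks; returns (ok, ucinetid) or (False, reason).
    client_ip must be the address the application actually observed for the
    request, not a header value the client can set itself."""
    ucinetid = fields.get("ucinetid", "")
    if not ucinetid:
        return False, fields.get("auth_fail") or "no UCInetID returned"
    if fields.get("auth_host") != client_ip:
        return False, "auth_host does not match the requesting client"
    try:
        age = int(fields["age_in_seconds"])    # overall age of the login
        idle = int(fields["max_idle_time"])    # time since the last check (assumed)
    except (KeyError, ValueError):
        return False, "session time fields missing or not numeric"
    if age > max_age:
        return False, "login older than the allowed session age"
    if idle > max_idle:
        return False, "session idle longer than allowed"
    return True, ucinetid


# Constructed sample responses for demonstration, not real server output.
GOOD_RESPONSE = ("ucinetid=panteater\nauth_host=192.0.2.10\n"
                 "age_in_seconds=600\nmax_idle_time=120\nnew_field=ignored\n")
FAILED_RESPONSE = "auth_fail=no valid ucinetid_auth cookie\nauth_host=192.0.2.10\n"
```

The age and idle limits passed to validate_webauth are the values the application chose under "Things to decide" above.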

List of Values Returned By WebAuth

Flowchart

If you find it useful, here is a flowchart of the web authentication procedure.

WebAuth Flow Chart
