How would you loop this into a security model?

Jan 2, 2011 at 3:31 PM

Hi,

Does Websockets simply feed off the IIS Identity framework? So if you need to login to your website in the first instance does this protect your WS page as well? If not how would you ensure that the person sending data to WS is an authenticated person?

Thank you,

Dominic

Coordinator
Jan 3, 2011 at 8:07 AM

You mean windows integration authentication?

Yes, SuperWebSocket hasn't implemented this feature and it will not be supported in first stable release...

 

 

 

 

Jan 3, 2011 at 10:45 PM

I wasn't necessarily thinking Windows Authentication, but IIS/SQL Membership provider perhaps. Basically some kind of security that makes sure the person is who they claim to be, username/password.

Coordinator
Jan 4, 2011 at 7:25 AM

In my mind, IIS Membership provider uses NTLM Authentication, and SQL Membership provider is an application level authentication which you can implement in your sub protocol base on SuperWebSocket.

I am not sure whether WebSocket protocol has defined NTLM implementation.

I'll do more research.