Introduction to the main authentication methods for HTTP resources (part 1)

Introduction

I’ve been very busy these last two years updating a proprietary web application (written in Java) to integrate it inside the Microsoft security systems (amongst other things). Therefore I have had to dive into the different security mechanisms that can protect the HTTP protocol and which are often encountered by internet users. This article is certainly not exhaustive and is divided into a few parts.

Authentication and authorization

Before diving into the technical details, it’s important to give a quick reminder of the two fundamental principles of security:


Authentication: the method used to verify that an actor really is the one it claims to be.

Authorization: the access control applied to resources, granted on the basis of the information gained from authentication.

Authentication families

In my view, the different HTTP authentication mechanisms can primarily be organized according to these criteria:

Scalar or vectorial type & OSI level

Scalar and vectorial authentications

– Scalar authentications are the ones which return a single attribute (for example: Basic authentication, where a username and its password are presented with the goal of validating and transmitting the username).

– Vectorial authentications are the ones which return more than one attribute (for example: the claim-based authentication mechanism, whose goal is to validate and transmit the user’s properties, e.g. e-mail, NISS, phone number, locality).
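To make the scalar/vectorial distinction concrete, here is an added example (not code from the original post) that implements both shapes side by side and then shows authorization consuming whatever attributes authentication produced. The credential store, salt, issuer key and the HMAC-signed token format are all constructed assumptions for the example; a scalar HTTP Basic check yields exactly one attribute (the username), a claim-based check yields a whole set of signed claims, and an authorization rule on an attribute the principal does not carry is simply denied.

```python
import base64
import binascii
import hashlib
import hmac
import json
from typing import Optional

# Constructed credential store (assumption, not from the post): username -> salted
# SHA-256 of the password. Real deployments use a slow password hash such as
# bcrypt, scrypt or Argon2; SHA-256 is used here only to stay dependency-free.
_SALT = b"constructed-salt"
_USERS = {"alice": hashlib.sha256(_SALT + b"correct horse").hexdigest()}
# Dummy digest compared against when the username is unknown, so that the work
# done (and the time taken) is the same for valid and invalid usernames.
_DUMMY = hashlib.sha256(_SALT + b"no such user").hexdigest()

# Constructed issuer key for the claim-based token (assumption): in a real
# deployment this is the token issuer's signing key, never shared with clients.
_ISSUER_KEY = b"constructed-issuer-key"


def basic_header(username: str, password: str) -> str:
    """Build the Authorization header a client sends for HTTP Basic."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def authenticate_basic(authorization_header: str) -> Optional[dict]:
    """Scalar authentication: validate an HTTP Basic header and return exactly
    one attribute, the verified username, or None when validation fails."""
    scheme, _, payload = authorization_header.partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        decoded = base64.b64decode(payload, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    expected = _USERS.get(username)
    presented = hashlib.sha256(_SALT + password.encode("utf-8")).hexdigest()
    # Constant-time comparison, against a dummy for unknown users, so the
    # response time does not reveal which usernames exist.
    matches = hmac.compare_digest(presented, expected if expected else _DUMMY)
    if expected is None or not matches:
        return None
    return {"username": username}


def issue_claims_token(claims: dict) -> str:
    """Issuer side: serialize the claims and append an HMAC-SHA256 signature."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode("utf-8")
    sig = hmac.new(_ISSUER_KEY, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode("ascii") + "."
            + base64.urlsafe_b64encode(sig).decode("ascii"))


def authenticate_claims(token: str) -> Optional[dict]:
    """Vectorial authentication: verify the issuer's signature and return the
    whole set of claims (several attributes), or None when it does not verify."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(_ISSUER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    try:
        claims = json.loads(body)
    except ValueError:
        return None
    return claims if isinstance(claims, dict) else None


def authorize(principal: Optional[dict], required: dict) -> bool:
    """Authorization: grant access only when every required attribute is present
    on the authenticated principal with the expected value. A scalar principal
    carries just a username, so any rule on other attributes is denied."""
    if principal is None:
        return False
    return all(principal.get(key) == value for key, value in required.items())


if __name__ == "__main__":
    scalar = authenticate_basic(basic_header("alice", "correct horse"))
    token = issue_claims_token({"sub": "alice", "email": "alice@example.org", "role": "admin"})
    vectorial = authenticate_claims(token)
    print("scalar principal:", scalar, "-> admin?", authorize(scalar, {"role": "admin"}))
    print("vectorial principal:", vectorial, "-> admin?", authorize(vectorial, {"role": "admin"}))
```

Running the module shows the point of the classification: the same `authorize` rule that succeeds against the claim-based principal fails against the Basic one, not because the user is different but because scalar authentication never transmitted a `role` attribute in the first place.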

OSI level of authentication

The OSI model, well described on Wikipedia, which defines the layering of network communication, can also be used to structure the HTTP authentication mechanisms according to the layer at which they operate.

To be continued…

In the next posts, we’ll look in detail at the following authentication mechanisms:

Basic authentication

Form authentication

Digest authentication

Certificate authentication

NTLM authentication

Kerberos authentication

Claim-based authentication

Bomberman in Azure (Microsoft Cloud)

Introduction

In 2013, I had to develop and deploy for a school named Supinfo * a Microsoft-cloud-based version of the famous Bomberman game, for which you’ll find the project documentation and the source code below.

* Please forget the name, it isn’t worth it… if you want to know why, read the older tweets of the Twitter account @do_it_simple.

The Bomberman game

Wikipedia being our friend, you’ll find here everything that you need to understand the concepts of this game.

Screenshots

Technical overview

Developed in C# .NET (version 4) for the Microsoft cloud (aka Azure), the Bomberman project is written with the Microsoft MVC framework for the web tier on one hand and, on the other hand, with the Microsoft Entity Framework (EF) for the database tier.

Moreover, on the client side, the jQuery framework was added to make the asynchronous communication (in JSON) between the browser and the web application easier.

Database structure for Entity Framework

Source code

The source code of this project is hosted on GitHub.