[Midas] authenticated access
Zach Mullen
zach.mullen at kitware.com
Mon Jun 25 21:14:19 EDT 2012
You may be able to use the session for this; if you pass the "useSession"
parameter to a web API method, it will attempt to use session
authentication instead of the web API token, but this only works for
clients that support session cookies. So the question is, how is Annio
going to write data back into Midas? If the application is running in the
same place as Midas, you should be able to just pass useSession to the web
API assuming the user's session is still active. That seems to me that it
would work because Annio is an HTML5 application and is running in the
browser, so it would have all of the same session cookies from the Midas
instance.
Thanks,
Zach
On Mon, Jun 25, 2012 at 9:03 PM, Mona Wong <mona at sdsc.edu> wrote:
>
> Hi Patrick:
>
> > The current model is for your application to keep the Midas API key
> > used to authenticate to do the retrieving of data.
>
>
> How can I pass the user's Midas API key "safely" to the
> application Annio? Currently, I am passing it as a URL parameter but that
> allows the API key to be visible in the URL. Is there a way to pass it to
> my app in a "hidden" way...how about session authentication...I don't know
> if that is any safer...at least it is less visible...your thoughts?
>
> Mona
>
> *********************************************
> Mona Wong
> Web & iPad Application Developer
> San Diego Supercomputer Center
>
> "Forgive everyone everything."
> -- Regina Brett
> *********************************************
>
>
>
>
> _______________________________________________
> Midas mailing list
> Midas at public.kitware.com
> http://public.kitware.com/cgi-bin/mailman/listinfo/midas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://public.kitware.com/pipermail/midas/attachments/20120625/a3a08b13/attachment.html>
More information about the Midas
mailing list