Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 1 of 1
Thread: Storing AD Credentials?
03-31-2014, 12:14 PM #1
- Join Date
- Mar 2014
- Thanked 0 Times in 0 Posts
Storing AD Credentials?
I'm using Ruby On Rails to develop an in-house site. The basic design is - a log in screen which verifies credentials against LDAP server. Once logged in, a mainpage is presented, with a number of different tabs. Depending on the tab, the webpage interacts with a different back-end system on the web host via REST API - For example, a software version control system, or an in house software build / compilation system, or an in-house test management system. All of these use the credentials supplied in the log in screen. What I need to do is "preserve" (or pass through!) the user/password supplied and verified at the log in screen, for use by the API calls, for the appropriate system.
For clarification here, I should add that on the login screen, the authentication is done via an API call to one of the back end systems - and upon successful response from this call, I do a redirect_to call to get to the main page (a "GET" in my routes.rb config)
So I'm looking for a safe, secure way of making the verified credentials available from the authentication controller, to the mainpage controller.
One option is obviously cookies - but to describe this as insecure is an understatement! I could (I believe) pass them as part of a GET for the mainpage, but I believe this would result in them being displayed as part of the URL. Even less safe the cookies!
Thoughts / Comments / Suggestions?