Authentication

drawmaster77
edited March 2012 in Photon Server
Hi guys, I am just starting up with Photon, and I did some research on how to authenticate my clients (i.e. they would enter username/password and server would retrieve their account ID from DB or smth). And so far I can't figure out how to do it the correct way.

I've looked at Load Balancing example authentication, but I don't see where client (TestClient) calls it on their side. Nor am I sure what's happening on server side. There is this function:
protected virtual void HandleAuthenticateOperation(OperationRequest operationRequest, SendParameters sendParameters)
{
    var request = new AuthenticateRequest(this.Protocol, operationRequest);
    if (this.ValidateOperation(request, sendParameters) == false)
    {
        return;
    }

    if (request.UserId != null)
    {
        this.PeerId = request.UserId;
    }

    var response = new OperationResponse { OperationCode = operationRequest.OperationCode };
    this.SendOperationResponse(response, sendParameters);
}

But there is no checking for password/username here?

Perhaps now I am thinking I should just have the client send their username/password as peer.OpCustom function. And once the server validates that, it will assign userid key for that peer but only server side (not send it to client), so whenever client wants to perform some further operations, server would check if that ID exists, and retrieve DB entry based on that? Idk what you pros think?

Comments

  • Hi!
    Your observations are correct: the Loadbalancing test client does not call "Authenticate" yet, and the server-side authentication code is only a stub. But you can easily extend the "HandleAuthenticateOperation" and implement a username / password check; you can also adjust the test client to call "Authenticate" (with peer.OpCustom) after it has established a connection. Your approach is perfectly fine. :-)
  • Sorry to rekindle an old thread, but I was hoping someone could shed some further information on this. The approach mentioned here is the one I have taken and have working. However, I want to prevent multiple logins and I keep running in circles on the correct approach or where to inject code to check for a second login.

    Thanks,
    Michael
  • dreamora
    You would need session handling to do so.
    I would handle the login through a PHP side and use the PHP Session as unique identifier. This way you can store their playtime etc. in a database (and capture other metrics, bind the same backend then for in-app selling of goods, currency or whatever, ...) and have a granted unique login.

    If you don't want to use a PHP side or integrate it into a website where you can do that handling easily, you would need to extend the photon backend so it stores the login state to a DB and query against that - a thing you will have present anyway for the login handling.
    You would likely generate some kind of a session key here too for granted unique lookup during the playtime.
  • Thanks for the quick response Dreamora.

    Handling the login through PHP is not really an option for me at this point, and I am looking at extending the Photon backend. This is where I start running around in circles, in the code, extending the proper things. Just when I think I have it, I find a situation where it breaks the implementation.
  • dreamora
    You would extend your login operation where you verify the credentials. In there you would set a flag on the user in the database when he is logged in and upon logout you would reset the flag again.

    Problem here is resetting the flag upon logout as you will need to extend the data handling to transfer the 'id' or some other unique handler that allows the timeout / logout operations to retrieve the user in the table to update the flag again for the reset.
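
The approach discussed in this thread (verify the credentials in the login operation, keep the account ID server-side, refuse a second login, release the login on logout or timeout), sketched as an added example that is not code from the posts above or from Photon. It assumes .NET 6 or later and PBKDF2-hashed passwords, and it keeps the "logged in" state in an in-memory map rather than the database flag suggested above, so a server restart cannot leave a stale flag; `Account`, `LoginResult` and `LoginSessions` are hypothetical names.

```csharp
#nullable enable
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Security.Cryptography;

// Constructed demo: one account as a DB lookup would return it.
var salt = RandomNumberGenerator.GetBytes(16);
var alice = new Account(42, salt, LoginSessions.Hash("correct horse", salt));
var sessions = new LoginSessions();
Console.WriteLine(sessions.TryLogin(alice, "wrong", out _));          // wrong password
Console.WriteLine(sessions.TryLogin(alice, "correct horse", out var key));
Console.WriteLine(sessions.TryLogin(alice, "correct horse", out _));  // second login attempt
sessions.Release(alice.Id, key!);                                     // logout or disconnect
Console.WriteLine(sessions.TryLogin(alice, "correct horse", out _));  // login after release

// Hypothetical account row (assumption: salted PBKDF2 hash stored per user).
public sealed record Account(int Id, byte[] Salt, byte[] PasswordHash);
public enum LoginResult { Ok, BadCredentials, AlreadyLoggedIn }

public sealed class LoginSessions
{
    // accountId -> session key of the single connection allowed for that account.
    private readonly ConcurrentDictionary<int, string> active = new();

    public static byte[] Hash(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 32);

    // Call from the authenticate handler; account is null when the username is unknown.
    public LoginResult TryLogin(Account? account, string password, out string? sessionKey)
    {
        sessionKey = null;
        // Hash even for unknown users so both failure paths cost about the same.
        byte[] candidate = Hash(password, account?.Salt ?? new byte[16]);
        if (account is null || !CryptographicOperations.FixedTimeEquals(candidate, account.PasswordHash))
            return LoginResult.BadCredentials;

        string key = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        // TryAdd is atomic: of two simultaneous logins for one account, only one wins.
        if (!active.TryAdd(account.Id, key))
            return LoginResult.AlreadyLoggedIn;
        sessionKey = key;
        return LoginResult.Ok;
    }

    // Call on logout and on disconnect/timeout; only the owning session can release.
    public bool Release(int accountId, string sessionKey) =>
        active.TryRemove(new KeyValuePair<int, string>(accountId, sessionKey));
}
```

The peer object would store the account ID and session key after a successful login, which gives the disconnect and timeout paths what they need to call `Release`.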