Re: Sign On Authentication

From: Todd H. (comphelp_at_toddh.net)
Date: 08/16/05

• Next message: Ari Silversteinn: "Re: Sign On Authentication"
• Previous message: Unruh: "Re: The Chinese MD5 attack"
• In reply to: Ari Silversteinn: "Sign On Authentication"
• Next in thread: Ari Silversteinn: "Re: Sign On Authentication"
• Reply: Ari Silversteinn: "Re: Sign On Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 15 Aug 2005 23:07:58 -0500

Ari Silversteinn <abcarisilverstein@yahoo.comxyz> writes:
> Is there a way to automatically authenticate a user, not the user's
> computer, when he logs in to a website? The reason for this is to
> validate that a multiple choice test that is taken was performed by
> Bob X and not by Charles Y in a distance learning application.

This is a notion known as "individual identification" and "individiual
authentication."

It's normally done with a username and password. The username
identifies a unique user. The password set by that person
authenticates that user that hopes to confirm the user is who they say
they are.

If by automatic you mean the user doesn't have to enter anything, the
answer is "no, with your requirements, there's no practical way to do
this."

If you're willing to give up strong authentication, you could email
URL's to specific users, each of them uinque, and containing an
encoded username to uniquely identify them.

However, if someone happens to get hold of that email maliciously or
by a manager forwarding their email to all their subordinates and
saying "take the is test" then you've lost authentication, and
everyone who got the email will be indistinguishable.

Best Regards,

-- 
Todd H.
http://www.toddh.net/

• Next message: Ari Silversteinn: "Re: Sign On Authentication"
• Previous message: Unruh: "Re: The Chinese MD5 attack"
• In reply to: Ari Silversteinn: "Sign On Authentication"
• Next in thread: Ari Silversteinn: "Re: Sign On Authentication"
• Reply: Ari Silversteinn: "Re: Sign On Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Sign On Authentication ... > Is there a way to automatically authenticate a user, ... It's normally done with a username and password. ... identifies a unique user. ... If you're willing to give up strong authentication, ... (comp.security.misc) Re: Sign On Authentication ... >> Is there a way to automatically authenticate a user, ... when he logs in to a website? ... The reason for this is to ... authentication is one of one and ID is one of many. ... (comp.security.misc) Re: Sign On Authentication ... >> Is there a way to automatically authenticate a user, ... when he logs in to a website? ... The reason for this is to ... authentication is one of one and ID is one of many. ... (sci.crypt) RE: Web Forms Auth fails when rfValidator triggered ... © 2002 Microsoft Corporation. ... | Content-Type: text/plain ... | | basically has a username field, ... | | If I enter garbage text in BOTH fields, the authentication ... (microsoft.public.dotnet.framework.aspnet.security) RE: Adding a virtual FTP folder to IIS ... I think we can follow the Form Authentication modal. ... application will use the ASPNET account. ... If we change the username ... Windows identity different from that of the default process identity. ... (microsoft.public.dotnet.framework)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint