search

crashcloud / Crash

Crash allows you to create shared models which can be interacted with by people within your office, or across the globe.
http://crsh.cloud
MIT License
20 stars 2 forks source link

Add Authentication to Crash #1

Open clicketyclackety opened 1 year ago

clicketyclackety commented 1 year ago

Start Date

No response

Implementation PR

No response

Reference Issues

No response

Summary

Crash needs to have basic authentication using the Rhino Account system so that when changes are submitted, they do so using the Rhino Account logged into the Rhino instance. To add to this, ideally models could do with having permissions, starting simple with;

Resources

https://developer.rhino3d.com/guides/rhinocommon/rhinoaccounts/ra-example/ https://docs.google.com/document/d/1-U0FYt6iQAM3UA6Rio4z0sDVXBSdc0kQk5e4zumnKig/edit https://developer.rhino3d.com/guides/rhinocommon/rhinoaccounts/ra-overview/

Basic Example

  1. A user connects to a Shared Model
  2. The Model authenticates the user to know
    • They have access
    • What kind of access they have
  3. The model allows or refuses the connection

Drawbacks

  1. Less open, users require a rhino account (if made mandatory)
  2. Could make unit testing tricky!
  3. Adds more complexity

Unresolved questions

Does every Rhino user have a rhino account? If not what percentage?

clicketyclackety commented 11 months ago

https://learn.microsoft.com/en-us/aspnet/core/signalr/authn-and-authz?view=aspnetcore-7.0 Bearer tokens that use a Rhino Auth token would be a good solution