It seems that a lot of people are confused about what to do when it comes to requiring authentication for their Ruby on Rails application. Here are a few links that helped me figure things out.
1. Authlogic
Authlogic is the authentication plugin for Ruby on Rails that I use when I need one. It apparently has plugins that extend it for role-based permissions, but I haven’t used any of them, opting to build my own instead. Maybe on the next project.
2. Restful Authentication
Restful Authentication has been the standard authentication plugin/gem for Ruby on Rails for a long time. It works nicely and has hooks for role authorization. The problem I’ve had with it is that it feels a little clunky. I haven’t tried it out in a while, maybe I’ll dust it off and write a tutorial on using it.
One thing I will say for it is that it established the standard for using REST in authentication, which simplified the interface and the approach to authentication with Ruby on Rails.
3. Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9
This article covers the basics of password hashing and salting. It explains the why’s and glosses over the how’s. One thing I hadn’t considered was using a slow algorithm rather than a fast one and its advantages. Check this one out if you’re new to authentication.
4. Simple and Restful Authentication for Ruby on Rails
If you’re looking to build your own authentication system or would like to understand some of the basic inner workings of other authentication systems. Robert Sosinski has done an excellent job explaining authentication and how to do it.
5. Authentication with Rails Metal
This is an example I came up with for managing authentication through Rails Metal. Rails Metal is an extremely fast and efficient way of handling requests to your Ruby on Rails application.
6. Clearance
I’d heard a bit about Clearance and wanted to try it out. I’ve found that it’s extremely easy to set up and use. In fact, after trying it out, I may use it on my next project. You’ll be pleasantly surprised at how simple it is.
7. RPXNow.com
RPX is an OpenID authentication solution. It allows users to use their logins from Facebook, Google, and several other providers. It’s free for up to 6 providers. The nice thing is that it has a gem that integrates nicely with your Ruby on Rails application.
8. Module
ActionController::HttpAuthentication::Basic
Ever wish that Rails came with its own built in authentication solution? Guess what? It does! This is the documentation complete with examples written by the Rails Team. It’s definitely worth a look.
9. Ruby on Rails LDAP Integration
Let’s face it. Sometimes we find ourselves needing to integrate with other systems. This is an extremely clear explanation on how to integrate your Rails authentication with LDAP, or more specifically Microsoft’s Active Directory service.
Many open source folks sort of shun Microsoft products, but in certain parts of the real world, businesses are using Windows. If you have the need, or are using LDAP on Linux, this tutorial is a life saver.
{ 5 comments… read them below or add one }
Great article! It’s nice to be able to see all of these side by side. I’m still loving authlogic, but the metal way of doing it is very cool. I may have to update my app that still uses basic auth.
Great article! I have the feeling it’ll save me quite some time in future! Thanks!
Rack::Warden authenticates at the Rack level. It’s a little rough, not many examples, but it works above Rails and/or Sinatra, so you can use one authentication system for all:
http://github.com/hassox/warden/tree/master
Great info. So many authentication mechanisms and all of them at one place. Superb!
I’ve been trying to figure out how to use your #1 choice, Authlogic, all day today! I’ve found several tutorials, but so far they’ve all been dated. I feel like I’ve got the basic idea, except that I end up with some error like “acts_as_authentic” is an undefined variable or other similar errors.
Do you know of any up to date and complete tutorials for getting started with Authlogic?
{ 5 trackbacks }