Need suggestions on authenticating a user, that's already logged into the website, on a flash game
Question
Here's the battle plan:
- User logs into website.
- User clicks the
Playbutton and a new window opens with the flash game in it. - If the user is logged into website, have the flash game load. Otherwise ask him for credentials.
Is this type of interconnectivity possible? Can I give a flash object (.swf) something to use?
Any suggestions on how to tackle this problem?
1 answers
solution1
1 ACCPTED 2011-10-25 07:57:29
Interesting problem. There is trivial and non-trivial solution IMO.
Trivial solution
In the pop-up, check if user is authenticated, and if not, dont render HTML with flash object, but some message instead. Con : If someone knows direct URL to flash game, he can play anyway...
Non-trivial solution
Modifying flash game itself to "support" your authentication. If your user log in, create some random temporary token for him (Guid in cache seems fine to me). When opening popup with game, render this token as "parameter" which flash can see. Flash game then must take this token, call some URL with it (something like /checkgametoken?token=123... ). This action looks for the specified token in cache and say "ok" or "no" to flash.
This approach can be made even more secure with features like including client IP in token (concatenate and hash it with guid) to prevent sending token to other users, or even mechanism for preventing "hacking" flash game - it can be modified that it cant even function without authentication (instead of "ok"/"no" from server, it should retrieve some vital parts - constants to function properly, maybe even parts of code, i am not sure about capabilities of flash in this way)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.