authentication?

[Int32Overflow]

Hello,

can you tell me how to implement authentication? A user should only be allowed access to certain methods. What would be the best way?

[AArnott]

Authentication is outside the scope of the JSON-RPC protocol.

My recommendation is you authenticate before establishing a JSON-RPC connection. For instance, if you're on a websocket, the authentication should happen using the HTTP authenticate headers. Once you've established who the user is, you can initialize the object to which you're connecting JSON-RPC passing in the user identity so it can know which incoming RPC methods to reject when they are invoked.

Alternatively, your JSON-RPC target object can have a Login method which accepts credentials, authenticates the user, and then enables the right set of other methods.