PS: Please don't forget to explain how Gmail username/password is validated immediately, whereas entering the right username and password takes time to log in, behind the scenes.
atconway
Re: ASP.NET - Gmail-like secured application architecture
May 07, 2012 08:05 PM
Well, I doubt the authentication piece of the Google web applications (like GMail) is open-source, so I doubt we will know exactly. However, inspecting it via Fiddler shows that the initial call to authenticate appears to open up a tunnel to accounts.google.com:443. In this manner the client or server might be unaware of the connection and it (the tunnel) is likely dropped when authentication succeeds or the user leaves the page. There are no new separate HTTP requests made upon each subsequent logon attempt. The reason it seems instant is because of the open tunnel, I assume. Definition from the W3 docs:
"Tunnel: An intermediary program which is acting as a blind relay between two connections. Once active, a tunnel is not considered a party to the HTTP communication, though the tunnel may have been initiated by an HTTP request. The tunnel ceases to exist when both ends of the relayed connections are closed."
http://www.w3.org/Protocols/rfc2616/rfc2616-sec1.html#sec1
I have not implemented this type of authentication before (via HTTP tunnel), so I recommend doing some research on opening an HTTP tunnel if you would like to try this. http://en.wikipedia.org/wiki/HTTP_tunnel
http://discuss.joelonsoftware.com/default.asp?joel.3.720201.10
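The tunnel in the RFC 2616 definition quoted above is what an intermediary sets up for an HTTP `CONNECT` request, and a debugging proxy such as Fiddler lists a `CONNECT host:443` request as a tunnel when it is not decrypting HTTPS. The sketch below is an added example, not code from this thread or from Google: a blind relay that records only the target and byte counts. It assumes in-process socket pairs instead of a network; `dial`, `demo`, the byte-reversing origin and the payload are constructed for illustration.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

def read_head(sock):
    """Read an HTTP message head: everything up to the blank line."""
    buf = b""
    while b"\r\n\r\n" not in buf and (chunk := sock.recv(4096)):
        buf += chunk
    head, _, rest = buf.partition(b"\r\n\r\n")
    return head.decode("latin-1"), rest

def pump(src, dst, seen, key):
    """Blind relay: copy bytes one way, counting but never parsing them."""
    while data := src.recv(4096):
        seen[key] += len(data)
        dst.sendall(data)
    dst.shutdown(socket.SHUT_WR)  # pass end-of-stream on to the other side

def handle_connect(client, dial):
    """Serve one CONNECT request; return what the intermediary could observe."""
    head, early = read_head(client)
    method, target, _version = head.split("\r\n")[0].split(" ", 2)
    if method != "CONNECT":
        client.sendall(b"HTTP/1.1 405 Method Not Allowed\r\n\r\n")
        return None
    upstream = dial(target)  # a real proxy would open TCP to host:port here
    client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
    seen = {"target": target, "up": len(early), "down": 0}
    upstream.sendall(early)  # bytes the client sent right behind the head
    back = threading.Thread(target=pump, args=(upstream, client, seen, "down"))
    back.start()
    pump(client, upstream, seen, "up")
    back.join()
    return seen

def demo(payload=b"\x16\x03\x01 constructed stand-in for TLS records"):
    """Run client, relay and origin in-process over socketpairs (no network)."""
    (c_client, c_proxy), (p_up, origin) = socket.socketpair(), socket.socketpair()
    fut = ThreadPoolExecutor(1).submit(handle_connect, c_proxy, lambda t: p_up)
    c_client.sendall(b"CONNECT accounts.google.com:443 HTTP/1.1\r\n\r\n")
    status, _ = read_head(c_client)
    c_client.sendall(payload)
    c_client.shutdown(socket.SHUT_WR)
    got = b"".join(iter(lambda: origin.recv(4096), b""))  # what the origin read
    origin.sendall(got[::-1])  # constructed origin: replies with reversed bytes
    origin.close()
    reply = b"".join(iter(lambda: c_client.recv(4096), b""))
    return status, fut.result(), got, reply
```

The relay's record holds only the `host:port` target and the byte counts in each direction; everything after the `200` response passes through unparsed, which is why an intermediary that is not decrypting TLS cannot show the individual requests inside the tunnel.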