APM Sharepoint authentication
Published Apr 20, 2016
Version 1.0Was this article helpful?
OK,
I did not see what did your irule. I now understand what you mean.
I think usage of
[ACCESS::user getsid $user_key]
with password hash is as secure as usage of session cookie.
there is the same security issue if the account is locked after the user signed on logon page.
the irule does not use username and password to authenticate but as a fingerprint to be sure this is the same user as the previous session, and reuse the same session, like session cookie does.
that's why I was thinking about insert client ip in the fingerprint as in exchange irule.