Comparative Analysis of Selected Programming Frameworks in terms of their Suitability for User Authentication and Authorization

Przemysław Rodzik

przemyslaw.rodzik@pollub.edu.pl
Lublin University of Technology (Poland)

Abstract

The aim of the article was to perform a comparative analysis of the .NET 6 and NestJS programming frameworks in terms of their suitability for user authentication and authorization. The functionalities and programming libraries offered by the two technologies were reviewed. Applications were created in both frameworks, and performance and load tests were carried out on them. The test results showed that the application written in NestJS offered a shorter request service time and was able to handle a larger number of users than the application using .NET 6. In turn, .NET 6 offered a greater number of functionalities in the field of authentication and authorization, and their implementation required less work from the developer than in NestJS.


Keywords:

comparative analysis, authentication, NestJS, .NET

Published
2023-06-30

Rodzik, P. (2023). Comparative Analysis of Selected Programming Frameworks in terms of their Suitability for User Authentication and Authorization. Journal of Computer Sciences Institute, 27, 104–111. https://doi.org/10.35784/jcsi.3128
