I have a basic xml-rpc web service service.What is the easiest way (I'm new) to implement secure authentication?
xml-rpc
I just need some direction.
You can check this code for a simple XML-RPC server via HTTPS . Authentication can work as you would like ... they could be authenticated using some credentials, and you provided a cookie for the rest of the session.
Python docs for xmlrpc provide information on using the HTTP 'Authorization' header to pass credentials.
Here is the code that Twisted uses to implement the xmlrpc auth mechanism, which can easily use HTTPS instead of HTTP.
This guy wrote an HTTPS XML-RPC installation with authorization , which you can download. There are tons of resources and ways to do this that are easy to treat. It all depends on whether you use mod_wsgi, for example, or record a stand-alone server using Twisted.
Bottom line:
a) Use SSL for communicationb) Use the HTTP authorization mechanism