DEV Community

Carrie
Carrie

Posted on

Website Authentication Made Simple with SafeLine

#authentication #identity #website #safeline

Website authentication is a fundamental part of modern web security. It ensures that only authorized users can access protected resources, reducing the risk of data breaches, abuse, and unauthorized operations.

This article will explain what website authentication is, when it is needed, introduce several free and practical authentication tools, and finally walk through SafeLine WAF’s authentication feature and how to configure it.

What Is Website Authentication?

Website authentication is the process of verifying a user’s identity before granting access to a website, application, or specific resources.

Common authentication methods include:

  • Username and password
  • Tokens or API keys
  • Cookies and sessions
  • Single Sign-On (SSO)
  • IP-based or request-based verification

Authentication answers the question:

“Who are you, and should you be allowed to access this resource?”

When Do You Need Website Authentication?

Not every website needs authentication, but it becomes essential in many scenarios:

Administrative Interfaces

  • Admin panels (/admin)
  • Internal dashboards
  • Management APIs

Internal or Private Services

  • Staging environments
  • Internal tools
  • Test platforms not meant for public access

APIs and Web Services

  • Prevent unauthorized API usage
  • Protect against abuse and scraping
  • Control access for partners or customers

Temporary Protection

  • Maintenance pages
  • Pre-launch websites
  • Emergency protection during attacks

If your website exposes sensitive functionality or data, authentication should be considered mandatory.

Free and Useful Website Authentication Tools

Here are some popular and free authentication solutions commonly used today:

1. Basic Authentication

  • Built into HTTP standard
  • Username and password via browser prompt
  • Easy to configure
  • Best for internal tools or temporary protection

✅ Simple

❌ Not suitable for public-facing login systems

2. OAuth / OpenID Connect

  • Used by Google, GitHub, Microsoft, etc.
  • Enables Single Sign-On (SSO)
  • Supported by many open-source tools

Popular providers:

  • Google OAuth
  • GitHub OAuth
  • Auth0 (free tier available)
  • Keycloak (open-source)

✅ Secure and scalable

❌ Slightly more complex to deploy

3. API Key / Token-Based Authentication

  • Common for APIs
  • Client sends a token in headers
  • Easy to rotate and revoke

✅ Ideal for machine-to-machine access

❌ Requires careful key management

4. Reverse Proxy Authentication

  • Authentication handled at the gateway layer
  • No need to modify backend applications
  • Ideal for legacy systems

✅ Very flexible

✅ Application-agnostic

This is where SafeLine WAF authentication shines.

SafeLine WAF Authentication: Overview

SafeLine WAF provides a built-in identity authentication feature at the WAF layer, allowing users to protect websites and applications without changing backend code.

With SafeLine authentication, you can:

  • Add authentication to any website behind SafeLine
  • Protect directories, paths, or entire domains
  • Block unauthorized users before traffic reaches the server
  • Reduce attack surface and backend load

This is especially useful for:

  • Admin panels
  • Internal services
  • Temporary access control
  • Protecting legacy applications

How To Configure Authentication in SafeLine

Basic Configuration

SafeLine provides two authentication modes: Simple Auth and SSO.

  • Simple Auth: Application-specific authentication system where users can only access that application after logging in
  • SSO (Single Sign-On): allowing users to access multiple related applications after logging in once, without repeated logins. See SSO
Field Description
Login Method Multiple login methods available, including AccountPassword, OIDC, Github, LDAP. For SSO mode, configuration must be done in AUTH-SETTINGS-SSO.
Auth Callback URL Required when passing user authentication information to the application server, used to exchange for user information.
Application Redirect URL Required in SSO mode. When clicking on the application in the unified management panel, it will redirect to this address.

Advanced Configuration

  • Approval Configuration: Options for authorization approval

    • Need to approve access: First-time users will trigger an approval request after authentication, requiring admin approval before accessing.
    • Access directly after authentication: Users can directly access the application after authentication without approval.

  • Enable authentication for specific conditions: Supports options to authenticate when conditions are met or skip authentication when conditions are met

How to Configure Passing User Authentication Information to the Application Server?

  • After successful user authentication, SafeLine will redirect to the following URL, where http://example.com/application is the Auth Callback URL configured: 
http://example.com/application?code=123456&redirect_uri=original_user_access_address
Enter fullscreen mode Exit fullscreen mode

  • Find the API Token in the SafeLine console under Settings-Management page

  • The application should implement using the code to request SafeLine's /.safeline/auth/api/user interface to obtain authenticated user information at the Auth Callback URL. The code can only be used once

// Request:

GET http://safeline-console.com/.safeline/auth/api/user?code=123456

X-SLCE-API-TOKEN: safeline-api-token

// Response:

Content-Type: application/json

{
    "code": 0, // 0: success, non-zero: failure
    "msg": "Error description",
    "data": {
        "id": 1,
        "username": "username"
    }
}
Enter fullscreen mode Exit fullscreen mode
  • After successfully obtaining user information, the application should cache the login information to determine whether the current user is logged in for subsequent requests, then redirect to the redirect_uri

If retrieving user information fails, the application needs to delete cookies with the prefix sl_auth_session_, prompting the user to authenticate again

Why Use WAF-Level Authentication?

Compared to application-level authentication, WAF-level authentication offers:

  • ✅ No code changes
  • ✅ Faster deployment
  • ✅ Consistent protection across services
  • ✅ Reduced backend attack surface
  • ✅ Ideal for legacy or third-party systems

It provides a lightweight but effective layer of access control exactly where it matters.

Conclusion

Website authentication is a critical security mechanism for protecting sensitive resources and preventing unauthorized access. While many tools and frameworks exist, WAF-level authentication offers a powerful and flexible option—especially when backend changes are impractical.

SafeLine WAF enables teams to implement authentication quickly, securely, and transparently, making it an excellent choice for internal tools, admin panels, APIs, and temporary access control scenarios.

By combining authentication with SafeLine’s traffic inspection and protection capabilities, you gain both identity control and attack defense at the gateway level.

Related Resources

SafeLine Website: https://ly.safepoint.cloud/ShZAy9x
Live Demo: https://demo.waf.chaitin.com:9443/statistics
Discord: https://discord.gg/dy3JT7dkmY
Doc: https://docs.waf.chaitin.com/en/home
Github: https://github.com/chaitin/SafeLine

Top comments (0)