Is there a built-in authentication system in UNet?

@aabramychev thank you. I hope to see these features soon in future builds.

 

Any news about this? I would love a web hook system for authentication

 

@aabramychev good to see that Unity still cares about its networking component !
Looking forward to good news soon (tm)
cheer up man, we're counting on you even though not too many of us voice their interest on the forums

 

I'm using a dummy player object to pass tickets, via command, to the server which then checks them against a web API.

If they authenticate, their gameobject gets fully enabled for chat and interaction but, on failure, they get disconnected.

How easy is this to exploit in your eyes?

As is, they don't count against the maximum number of connections until they authenticate.

 

Same, but have a problem.
If we don't wan't player know where is all other player, we can't like that.
(Think player is a cheater, secure your game, don't think "is work, is done")

If player is ban, he can connect like he is not activate.

So many problem with this system, we need real protect connexion.

 

You can actually set the player entity to be hidden on the network from other clients. If people, during the authentication process, are hidden from one another and far away from authenticated players (who have network visibility based on proximity), that will achieve the desired effect. Even though it's improvised, the security and data traffic are optimal.

At the moment, if players fail to authenticate within a time limit, I kill the connection. You can take it a step further and try to ban any unique identifiers you can find, like the IP, for a few minutes to stop flooding.

Edit: Just been talking to the Mirror / Telepathy Devs in Discord and a better way to do this is to authenticate via messages prior to the client being set to ready.

You can override the default method shown below (Network Manager) and call ClientScene.Ready on your own terms:

public virtual void OnClientConnect(NetworkConnection conn)
{
if (!clientLoadedScene)
{
// Ready/AddPlayer is usually triggered by a scene load completing. if no scene was loaded, then Ready/AddPlayer it here instead.
ClientScene.Ready(conn);
if (m_AutoCreatePlayer)
{
ClientScene.AddPlayer(0);
}
}
}

This way, the game state won't be sent during your authentication process.