Given an IP and a port number, it seems any client can connect to the server.
I don’t see it as built-in right now, and I’m implementing a simple auth using just custom messages. But I still wanna make sure in case I missed something.
We decided do not implement this, because authentication requirements are different for different customers and it is very difficult to satisfy to everybody. Probably we are wrong and we need to add some sort of message to Connect() function.
So client will do Connect(…, buf, buffSize); where it can send arbitrary data inside buf[ ].
Server will receive connect event and this message and use (for example) this message for authentication?
So, if it will be useful we can add this
Agreed! I think Connect(…, buf, buffSize); is generic enough to handle a lot of cases. And most people may just want a out-of-box simple password auth.
I like the idea as well. Preferably also add an overload in the highlevel api to take in a NetworkReader/Writer as the parameter.
ok i added this feature to to-do list
Has there been any movement on this? It seems kind of silly there is no simple authentication implementation available in the new API. It seems we have to roll our own authentication mechanism somehow by using network messages – every time a user sends a message to the server we have to validate that they have already or something.
yes, please. The Idea with Connect Message is very useful. Because in my system, I supposed to connect to the server, and then send a login message, and if login and pass wrong I must to disconnect this client. It’s not very accurate.
@ how urgent is it? (looks like i can support it before July if you need it faster it will require inserted in the one of the patch …)
Wow, thanks for asking. Well, it seems to be amazing feature with Connect and buff[ ] array, It kind a urgent but, as you wish 
Also if we could override our OnServerConnect not only with NetworkConnection parameter - will be really helpful for NetworkManager, example:
public override void OnServerConnect(NetworkConnection conn, byte[] buf or string[] buf)
{
//If buf is empty - it means that there is no data received from the client
//so we can disonnect it - NetworkServer.Disconnect(conn);
//If buf contains something - it means that there is some data received from the client
//so we can deserialize array of data and get some login information;
//Could be serialized JSON string of login class; which contains Login and Password or anything.
//or if we don't need to use buf feature just do a normal connect procedure.
}
But correct me if I’m wrong, LLAPI and HLAPI use the same connect procedure?
Cannot promise the second one, but will try
Thanks a lot!
Hi there, any news about that feature?
@ 
so far no 2017.1 has been already closed for features, and only bug fixing allowed. I will try to push this with path or will leave this till 2017.2
thanks for a quick reply, I appreciate your participation in that question! 
Hi there, may I ask you a question even if it’s not applicable to Authentication system? I’d really like to know your opinion about that.
Hi, this is still not possible to implement some authentication during connection process?
Right now looks like everyone can connect to the server if they know IP and the Port and later server have to ask (in OnServerConnect()) please give me login and password or I will disconnect you.
How it’s even possible in 2017 ? Is like what ?
byte[ ]/string[ ] should be inside NetworkTransport.Connect() function it’s easy and so obvious, isn’t it ?
Or maybe there is some other way implemented? It must be. How it can’t be in XXI century?
Looks like 99% of the time server will be connecting and disconnecting bots or other spammers.
And it would be so easy to add IPs to the black list if buffer is empty (means request came outside Unity client) with some checking implementation on the client side to prevent sending empty buffers.
Not trying to be a cunt. But you are kindoff implying that this is a 5 minute task that there is no reason to leave out. Not arguing against you, nor am I with you. But the Network Library is open source and you can always implement it yourself if you personally need it.
@ I would say, so far you can use web identification, and then after connect send authentication message something like this. ETA for authentication is still not clear…
@TomPo what kind of authentication do y need?
-strong certificate based
-week password based
-who will check these passwords?
-do we need to support data base for users?
-where this data base should be hosted and who will do this?
-will it help to prevent ddos attacks?
-do we need to support authorization on top of this?
-what grants for user we should support for authorization system
-one more things what security library we should use if ssl patented?
-another question, what lib we should use for udp traffic?
-do we need to crypt all traffic?
-should user to be able to config this?
Right now I am personally passing a byte[ ] to the server after connect. This is the ticket. Then after that it gets verified and if it’s not correct the server disconnects them. Something like that but with more native integration and some form of encryption would be fantastic.
Same thing.