I can’t find any possible answer to my question, so I need to ask it here.
Is it possible to do Steam user authentication on the server?
To check if the player bought this game and for the internal database to load his data.
I could let the player send the SteamID and make a check on the server, but I think this is hackable, or not?
Isn’t logon with SteamID managed by the Steam API (plugin) itself? Not sure how it works, but from what I gathered on the info I found on the Steam API you can get it once you have your game greenlit.
Yes, of course, but I need the SteamID on the server to load the player’s data.
Because if I let the client send his SteamID to the connected server, the client could modify the SteamID to get someone else’s stuff. So I think this is hackable. And I don’t know how other games, like Rust, did it.
I have no knowledge of the Steam API, but yes, it is in theory hackable (everything client side is hackable).
I think the best way around is (indeed) to store the SteamID on the server and then in return send some encoded userID (encrypted SteamID along with something safe like current IP address and timedate stamp of logon) to the client and store that one in a list (server side of course) of connected users along with the SteamID. From that moment on only use the encoded userID instead of the SteamID for server-client communication. Using this you can implement a (constant) IP address check to see if the current userID still matches the one that logged on with the SteamID.
I have used this technique to create a cookie in a PHP script and it has proven to be pretty hard to hack/steal.
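The session-token scheme described in the reply above, as an added example that is not part of the original posts. It assumes the server has already verified the SteamID by some trusted means (not shown), and it uses an HMAC signature in place of encryption; `SERVER_KEY`, `MAX_AGE`, `sessions`, `issue_token` and `verify_token` are hypothetical names.

```python
import base64
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # server-only secret, never sent to clients
MAX_AGE = 3600                        # assumed session lifetime, seconds
sessions = {}                         # token -> SteamID: the server-side list

def issue_token(steam_id, ip, now=None):
    """Call only after the server itself has verified steam_id (assumed here)."""
    issued = int(time.time() if now is None else now)
    payload = f"{steam_id}|{ip}|{issued}|{secrets.token_hex(8)}".encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    token = base64.urlsafe_b64encode(payload + tag).decode()
    sessions[token] = steam_id
    return token

def verify_token(token, ip, now=None):
    """Return the SteamID bound to the token, or None if any check fails."""
    now = int(time.time() if now is None else now)
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:
        return None                   # not even valid base64
    payload, tag = raw[:-32], raw[-32:]
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                   # forged or modified by the client
    steam_id, bound_ip, issued, _nonce = payload.decode().split("|")
    if sessions.get(token) != steam_id:
        return None                   # not in the list (logged out or revoked)
    if bound_ip != ip:
        return None                   # token replayed from another address
    if now - int(issued) > MAX_AGE:
        return None                   # expired, client must log on again
    return steam_id

if __name__ == "__main__":
    # Constructed sample values: a made-up SteamID and documentation-range IPs.
    t = issue_token("76561198000000001", "203.0.113.7")
    print(verify_token(t, "203.0.113.7"))    # same address
    print(verify_token(t, "198.51.100.9"))   # different address
```

A client whose address changes mid-session fails the IP check and has to log on again.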
Hi, I know this was posted some time ago but did you find a solution in the end?
I’m looking at two possible routes, one of which being to register my UNET dedicated server on Steam or to find some other way of validating a secure token from the client.
To anyone who has had some experience with this: I, and I suspect many others, would greatly appreciate your insight.