Menu
Anyone have any recommendations on moving from a solely custom DB based authentication to Open ID? Like pitfalls and gotchas. I'd really like to provide both for those who don't like/not into OpenID. This is an ASP.Net MVC application for the record.
521
You can use OpenID very easily actually. As long as you disconnect the Account/Profile data from the actual login mechanism you should technically be able to use either or seamlessly. You could then keep a Logins table which could hold the username and (encrypted) password for those users that like to not use the OpenID scheme. Then keep your login details (when the user last logged in, etc.) with the Accounts table so that you can have users use your local Logins system or the various providers of Open ID style API login. Then you might create various classes to handle the plumbing details of logging in via your local system, logging in via Gmail, logging in via Open ID, etc. Then have all of these classes conform to the same interface. Then create a factory that handles the details of determining which class to use to login a specific Account by keeping tabs on what method they prefer at the Accounts level.
75
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
