 

Moving from custom authentication to Open ID

Anyone have any recommendations on moving from a solely custom DB based authentication to Open ID? Like pitfalls and gotchas. I'd really like to provide both for those who don't like/aren't into OpenID. This is an ASP.NET MVC application for the record.

asked Jun 18 '09 18:06

Webjedi


1 Answer

You can use OpenID very easily actually. As long as you disconnect the Account/Profile data from the actual login mechanism you should technically be able to use either or seamlessly. You could then keep a Logins table which could hold the username and (encrypted) password for those users that like to not use the OpenID scheme. Then keep your login details (when the user last logged in, etc.) with the Accounts table so that you can have users use your local Logins system or the various providers of Open ID style API login.

Then you might create various classes to handle the plumbing details of logging in via your local system, logging in via Gmail, logging in via Open ID, etc. Then have all of these classes conform to the same interface. Then create a factory that handles the details of determining which class to use to log in a specific Account by keeping tabs on what method they prefer at the Accounts level.

answered Oct 15 '22 17:10

Andrew Siemer
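
The layout described in the answer above (Accounts kept apart from Logins, one interface, a factory keyed on the account's preferred method), as an added C# example that is not code from the answer or from any project. All type and member names are hypothetical, .NET 6 or later is assumed, the local login stores a salted PBKDF2 hash where the answer says "(encrypted) password", and the OpenID assertion is assumed to have been verified by a relying-party library before `Authenticate` is called.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Profile data only: nothing here says how the user proves identity.
public record Account(int Id, string DisplayName, string PreferredMethod);
// One row per sign-in method; Salt and Hash are set only for local logins.
public record Login(int AccountId, string Method, string Identifier, byte[]? Salt, byte[]? Hash);

public interface ILoginProvider
{
    string Method { get; }
    // Returns the matching account id, or null when authentication fails.
    int? Authenticate(IEnumerable<Login> logins, string identifier, string? secret);
}

public sealed class LocalLoginProvider : ILoginProvider
{
    public string Method => "local";
    // Salted PBKDF2 hash; the iteration count is an assumption, tune it for your hardware.
    public static byte[] HashPassword(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 210_000, HashAlgorithmName.SHA512, 32);
    public int? Authenticate(IEnumerable<Login> logins, string identifier, string? secret)
    {
        foreach (var l in logins)
            if (l.Method == Method && l.Identifier == identifier
                && secret != null && l.Salt != null && l.Hash != null
                // Constant-time comparison so timing does not leak how much of the hash matched.
                && CryptographicOperations.FixedTimeEquals(HashPassword(secret, l.Salt), l.Hash))
                return l.AccountId;
        return null;
    }
}

public sealed class OpenIdLoginProvider : ILoginProvider
{
    public string Method => "openid";
    // identifier must be the claimed identifier from an assertion the OpenID
    // relying-party library has already verified, never a raw form field.
    public int? Authenticate(IEnumerable<Login> logins, string identifier, string? secret)
    {
        foreach (var l in logins)
            if (l.Method == Method && l.Identifier == identifier) return l.AccountId;
        return null;
    }
}

public static class LoginProviderFactory
{
    // Picks the provider from the method recorded on the account; unknown methods are rejected.
    public static ILoginProvider For(Account a) => a.PreferredMethod switch
    { "local" => new LocalLoginProvider(), "openid" => new OpenIdLoginProvider(),
      _ => throw new NotSupportedException(a.PreferredMethod) };
}
```

Because a Login row carries no profile data, an existing local user can gain an OpenID login by adding a second row with the same `AccountId`, and both methods keep resolving to the same account.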