Best authentication method for this project ...

[BFarley]

I started going down the path of forms authentication using SQL Server to store user/membership data, but came across a few stumbling blocks -- that led me to back up and decide whether or not that's even the best authentication method.

A bit of background: Each user may have the ability to work in one or more ASP.NET apps. Their roles within each may differ, though.

The main thing is having a single login/password per user. Ideally a user would log in, and be presented with a page listing the ASP.NET apps to which they have access, and corresponding links.

I like how the same username can appear in multiple apps, in Forms authentication using the SQL db, and multiple roles handled that way. However, it appears that each username/app combo would have a separate password to maintain.

All thoughts greatly appreciated!

Bryant Farley

"The Dude Abides

 

[jmeckley]

is windows authentication an option? this is easiest to maintain as the OS does it for you this works great in an Active Directory environment.

another option, is the uses of the open id system. a a variety of OSS, blogs and social networking sites use this service to share a common login. depending on the sensitivity of your application this may also work.

Forms is the still probably the best option if you need full control of authentication (not authorization) you would need to provide custom authentication services to access the sql database of users.

this could be designed as a common assembly and referenced in each application's authentication module. i believe there is a way to do this in the web.config, but I could be wrong.

there should resources on the web about custom forms authentication modules.

Jason Meckley
Programmer
Specialty Bakers, Inc.