Question

Imagine you're writing a web app that will have 1 million users (they all grow that big, right!)

How would you handle user accounts? I can imagine a few scenarios:

  1. Roll your own (database tables, salted/hashed passwords stored in a user profile table)
  2. If written with ASP.NET, use the login/role provider (which falls back to the database)
  3. Use Active Directory if in a Windows environment
  4. Use some other LDAP server
  5. A 3rd party provider like OpenID or .NET Passport

Stability and scalability are of course important.

I guess this is really a question of whether Active Directory and other LDAP servers scale well and easily. What do Facebook, Twitter and Gmail use as their backend account provider?

What got me thinking about this is the Google App Engine. Really cool looking. But users would need to get a Google Account if I used the built-in authentication stuff. Or with #5 above, users would need to go get an OpenID. I'm trying to make it so they can just do a simple sign up with my site without needing to visit other sites -- for the non-geeks of the world :)


Solution

I would ask someone who had actually worked on a system which caters for that many users.

I'd find out about other systems like this, and look at case studies that have been written about them. (Ask Microsoft, Oracle, IBM, etc.)

But for usability, you either need to implement a single sign-on solution, so users don't need to know their login details (perfect for the corporate world), or you have to go with what users know, which is an email address/username and password.

OpenID or similar systems are horrible for non-technical users.
(Note: anyone looking at this is a technical user.)

OTHER TIPS

OpenID.
If you must give the users a choice to create an account on your site, become an OP.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow