Moving from custom authentication to Open ID
https://stackoverflow.com/questions/1014411
-
06-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Anyone have any recommendations on moving from a solely custom DB based authentication to Open ID? Like pitfalls and gotchas. I'd really like to provide both for those who don't like/not into OpenID. This is an ASP.Net MVC application for the record.
Solution
You can use OpenID very easily actually. As long as you disconnect the Account/Profile data from the actual login mechanism you should technically be able to use either or seamlessly. You could then keep a Logins table which could hold the username and (encrypted) password for those users that like to not use the OpenID scheme. Then keep your login details (when the user last logged in, etc.) with the Accounts table so that you can have users use your local Logins system or the various providers of Open ID style API login. Then you might create various classes to handle the plumbing details of logging in via your local system, logging in via Gmail, logging in via Open ID, etc. Then have all of these classes conform to the same interface. Then create a factory that handles the details of determining which class to use to login a specific Account by keeping tabs on what method they prefer at the Accounts level.
OTHER TIPS
I'd recommend not to stop supporting your current method of authentication, and instead link the OpenID accounts with your current user table.
I did this recently on my site and it works flawlessly.
