Anyone have any recommendations on moving from a solely custom DB-based authentication to OpenID? Like pitfalls and gotchas. I'd really like to provide both for those who don't like or aren't into OpenID. This is an ASP.NET MVC application, for the record.

+6  A: 

You can use OpenID very easily actually. As long as you disconnect the Account/Profile data from the actual login mechanism you should technically be able to use either one seamlessly. You could then keep a Logins table which could hold the username and (encrypted) password for those users that like to not use the OpenID scheme. Then keep your login details (when the user last logged in, etc.) with the Accounts table so that you can have users use your local Logins system or the various providers of OpenID-style API login. Then you might create various classes to handle the plumbing details of logging in via your local system, logging in via Gmail, logging in via OpenID, etc. Then have all of these classes conform to the same interface. Then create a factory that handles the details of determining which class to use to log in a specific Account by keeping tabs on what method they prefer at the Accounts level.

Andrew Siemer
I like to have a User table and a Credential table, where users can have multiple credentials. That way, potentially, users can have multiple OpenIDs, an InfoCard, etc. Also, read up on http://wiki.openid.net/Relying-Party-Best-Practices for more ideas.
Andrew Arnott
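A sketch of the layout described in the answer and comment above: one user, several credential rows, authenticators behind one interface, picked by a factory. This is an added example, not code from either poster; all type names are hypothetical, it assumes .NET 6 or later, and storing local passwords as salted PBKDF2 hashes is a choice made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

public enum CredentialKind { LocalPassword, OpenId }

// One row per way of signing in; several rows may share a UserId.
public record Credential(int UserId, CredentialKind Kind, string Identifier,
                         byte[] Salt = null, byte[] Hash = null);

public interface IAuthenticator
{
    // Returns the matching UserId, or null when sign-in fails.
    int? Authenticate(IReadOnlyList<Credential> store, string identifier, string secret);
}

public sealed class LocalPasswordAuthenticator : IAuthenticator
{
    // Example choice: salted PBKDF2-SHA256; the iteration count is an example value.
    public static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 600_000, HashAlgorithmName.SHA256, 32);

    public int? Authenticate(IReadOnlyList<Credential> store, string identifier, string secret)
    {
        var c = store.FirstOrDefault(x =>
            x.Kind == CredentialKind.LocalPassword && x.Identifier == identifier);
        if (c == null || c.Salt == null || c.Hash == null || secret == null) return null;
        // Constant-time comparison of the derived hash with the stored one.
        return CryptographicOperations.FixedTimeEquals(Derive(secret, c.Salt), c.Hash)
            ? c.UserId : (int?)null;
    }
}

public sealed class OpenIdAuthenticator : IAuthenticator
{
    // Assumption: `identifier` is the claimed identifier returned by your OpenID
    // library after it verified the provider's assertion, never a raw form field.
    public int? Authenticate(IReadOnlyList<Credential> store, string identifier, string secret) =>
        store.FirstOrDefault(x => x.Kind == CredentialKind.OpenId &&
            string.Equals(x.Identifier, identifier, StringComparison.Ordinal))?.UserId;
}

public static class AuthenticatorFactory
{
    public static IAuthenticator For(CredentialKind kind) => kind switch
    {
        CredentialKind.LocalPassword => new LocalPasswordAuthenticator(),
        CredentialKind.OpenId => new OpenIdAuthenticator(),
        _ => throw new ArgumentOutOfRangeException(nameof(kind))
    };
}
```

Linking an OpenID to an existing account is then one more `Credential` row with the same `UserId`, added only while the user is signed in through a credential they already hold.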
+3  A: 

I'd recommend not to stop supporting your current method of authentication, and instead link the OpenID accounts with your current user table.

I did this recently on my site and it works flawlessly.

This is a great overview of the process from Plaxo.

Bryan Migliorisi
Bryan, I am also interested in adding OpenID support to my current login system... I saw your website staga.net (gr8 site first of all and I really like your OpenID integration). Can you please help me with the implementation in PHP... I have read the basic overview and instructions at Plaxo and I also have a PHP simple OpenID class... The only problem I am having is I don't understand what I am supposed to do in the class, how I am supposed to pass the openid_url and get the response from the service provider... Help would be much appreciated... Thanks
halocursed
I have successfully implemented something very similar to SO using http://stevelove.org/projects/dope-openid/ but I really like your approach of using buttons for each OpenID provider, and plus you also have it for Facebook... How did you add Facebook support? Can you help me on that too... Thanks
halocursed