We're working on an SSO solution that allows users to log in via .net and then end up at a PHP app. I'm working on the PHP end, and after much work, I've decoded, parsed, and otherwise done things to the cookie that .net sets with the username and ticket expiration date.

At least I think I have. My difficulty now is that the .net developer is too busy right now to set up a test login page that generates these cookies so I can truly test. What I'm wondering is how long setting up this test page should take. My feeling is that it shouldn't take long, but then I've never done it. (Heaven forbid that I be like a client who tells a developer that "it should only take an hour or so.")

I just want to know what I should reasonably be able to expect. Simple log in that creates a formsauth ticket and sends the logged in user over to my test page. FWIW, they already have any number of log in pages set up for .net apps that are currently in use.

EDIT: To clarify, I'm not going to be implementing this. I want to know how long it should take the .net developer to do so.

+3  A: 

If you used the ASP.NET Membership Provider, it pretty much does all the work for you (including the login form itself).

TheTXI
+4  A: 

Here is a walkthrough of the configuration side for Forms authentication in ASP.NET. If you can code a two-textbox page and a button on a web form, then you can do the rest. I would budget two hours if you never do any ASP.NET whatsoever.

Dave Swersky
+3  A: 

If all you're after is creating a Forms Authentication ticket then this one line of code will do it:

FormsAuthentication.SetAuthCookie("Username", False)

The second parameter indicates if you wish the cookie to be permanent or not.

If you're looking for a quantification of how much effort it would take your asp.net developer to implement the login page you described, the answer should be less than 15 minutes.

Ken Browning
Definitely less than 15 minutes, unless....
leppie
+2  A: 

If you don't have the login database, you can use the built-in sql provider, here is how you configure it: http://msdn.microsoft.com/en-us/library/6e9y4s5t.aspx.

If you do have the data, you can implement a custom membership provider and implement only the ValidateUser method. You can leave the rest with a NotImplementedException and implement more features when you need them:

public override bool ValidateUser(string username, string password)
{
   //return true or false;
}

Even if you were not to use that as the final implementation, you can use it as a quick approach. You can expand on most of the other pieces where needed, and the only dependency you have created with PHP is with the authentication ticket, which any of those use (also the through directly with the FormsAuthentication).

For a final implementation you want to make sure passwords are correctly protected, i.e. are hashed when saved to the db. With the built-in provider you can have that done automatically. For your custom code, there are simple classes that do this for you.

Update 1: Providing a time estimate like that is really hard. Time varies widely per project, developer, etc. That said, going the membership route, it is reasonable for it to be done in just a couple of hours, testing that it really works of course (if going the custom provider route, this assumes the db is in place, and you have some stuff in to make the login simple). If you are setting it up just to test how it integrates with PHP, I would go with the built-in provider: just run the sql scripts to create the db, set the config up, add a login page/control, test it and you are good to go, say an hour in this case. Now, this is kind of automatic mode, a just-do approach.

eglasius
Maybe I'm missing the point here, but how does that answer the question, "how time consuming is setting up a .net login page?" I'm not doing this myself.
lynn
@lynn added an update about it
eglasius
+1  A: 

ASP.NET Forms-based Authentication is fairly easy to get started with and you can find a tutorial on the ASP.NET QuickStart Tutorials website. You want to look at the section on Forms-based Authentication. If you require a more sophisticated solution then take a look at the Membership and Role Manager.

HTH
Kev

Kev