And... which is easiest to implement?
views:
239answers:
8This depends some what on th eend user.
Spring Security / Acegi I tend to use for most of my projects.
I find openId cumbersome for most non techy users. Stack overflow has a unique user base so its perfectly suited to using it.
ASP.NET 2.0 Forms Authentication
Very easy to implement and use, as long as you're working with ASP.NET.
I would implement my own using their email address as the login. This, in my experience is the "easiest to implement!".
ASP.NET Forms Authentication + Open ID. Your basic user is a proprietary one and you can then use your Open ID instead of it.
Assuming you are using .NET, using the build-in Forms Authentication with the built-in SQL Membership Provider is really easy. Check out the video tutorial at here.
With the Ruby on Rails project I'm currently working on I just dropped in the Restful Authentication and Rails Authorization plugins. It's been a real headache remembering which one handles user login and which one handles user permissions. That aside, the combination has been a real time saver.
I believe there is a way to use OpenIDs with Restful Authentication but I haven't looked into it very much.
Edit: I thought I should note that I modified the Restful Authentication plugin's generated code for the user model to use the email address instead of an account name.
I prefer to keep full control of my logins, so used to write them myself, but got tired of keeping up to date with all the latest security techniques, etc.
Its worth it though if you want to know exactly what's happening, and learn something along the way.
I now use this : http://www.prophpscripts.com/scripts/user-session-pro
which basically does it all for you, and still gives you control.. and it means I don't have to bother keeping it up to date as they do! Pretty cheap to.