What public interfaces should I look to expose for an authentication subsystem?

Question

As part of a uni project I have to design an authentication/authorization subsystem for an application. Does anybody have any idea of what I need to include as part of the public interface?

Answer 1

Its a vague question. I think a very general purpose to create authorization and athentication systems, is the one proposed by the .NET-classes MembershipProvider (authentication) and RoleProvider (authorization).

The membership provider provides methods, to check e-mail and password of a user. The role provider provides methods, to check if a user is in a specific role and has the authorization to perform an action.

I'm not saying you should go and copy paste the method of the classes. But their declarations could give a rough idea of what you should include to your interface and may inspire you for own ideas.