I am in the process of creating a series of websites and web applications that will be hosted on a dedicated server that I own and host. They will be developed on Windows Server 2008, IIS7 and .NET 4, SQL Server 2008 and Entity Framework. This will be a live server as well as a place for me to learn how to do some new stuff.
- A user will have a single Username/Password for all sites
- A user can have different levels of access on each site
- The login needs to be persistent across sessions "Remember Me"
- "Logout" logs the user out from all sites
- There will be some parts of the sites where Anonymous is allowed
I have looked at OpenId and OAuth and I am not sure that either one of these really fits the bill. I do not want to use something like Twitter to handle authentication as I have heard that it is full of holes.