
  Friday, December 23, 2005

Intro to Authentication

Authentication is synonymous with login.

Various types of Authentication:
  • Windows Authentication: Mostly used for intranet sites, as all the users must have a Windows account. So, if you are creating a website like Yahoo Mail or something, this is not for you.
  • Forms Based Authentication: Mostly used over the internet. Yahoo Mail uses this kind of authentication. You don’t need a Windows account. Users register themselves, create a userid and pwd and then use the same to log in. You store the userid and pwd in a database and, when the user logs in, check against the database and authenticate / reject.
  • Passport Authentication: This is nothing but forms based authentication, but the userid and pwd will be stored with Microsoft. Very rarely used.
  • Custom Authentication: This is my own technique. When the user registers, collect the email id. Then send an email with a link; clicking on it automatically authenticates the user. The link expires after the first click, so that even if the link stays in the browser cache, no one will use it. When they log out, send another link to their email. There are some drawbacks, but if you don’t want to maintain userid and pwd yourself and want to get rid of all the authentication process, this is easy. Most importantly, the user will not have another password to remember. This works for a normal site, but should not be used with sites that require extra security like using SSL.
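
The single-use link described under Custom Authentication, sketched as an added example that is not code from the original post. The 15-minute lifetime, the `example.test` URL and all class and function names are assumptions; the post itself only says the link expires after the first click.

```python
import hashlib
import secrets
import time

LINK_TTL_SECONDS = 15 * 60               # assumption: not stated in the post
BASE_URL = "https://example.test/login"  # hypothetical site URL


class LoginLinkStore:
    """In-memory stand-in for the table a real site would keep in its database."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # sha256(token) -> (email, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, email):
        """Create the link that gets e-mailed to the user."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Store only the hash, so a leaked table cannot be replayed as links.
        self._pending[self._digest(token)] = (email, self._now() + LINK_TTL_SECONDS)
        return f"{BASE_URL}?token={token}"

    def redeem(self, token):
        """Return the e-mail to log in, or None. A token works at most once."""
        # pop() removes the entry before any other check, so a second click
        # (browser cache, history, forwarded mail) finds nothing to redeem.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        return email if self._now() <= expires_at else None


def demo():
    clock = [1_000.0]  # constructed clock so the run is repeatable
    store = LoginLinkStore(now=lambda: clock[0])
    token = store.issue("alice@example.test").split("token=", 1)[1]
    first, second = store.redeem(token), store.redeem(token)
    stale = store.issue("bob@example.test").split("token=", 1)[1]
    clock[0] += LINK_TTL_SECONDS + 1  # let the second link age out unused
    return first, second, store.redeem(stale), store.redeem("not-a-token")
```

In a database-backed version the lookup and delete in `redeem` need to be one atomic statement or transaction, otherwise two simultaneous clicks can both succeed.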

More on each of the authentication techniques later.

