I had been facing a lot of issues with my new authentication system that I have been trying to implement. The problem with current authentication system is that it works with only one of the types - Forms, Windows or Passport.
I want to have multi-mode authentication with custom authentication systems built in. To explain what I mean, here's a real-life scenario that I faced working with one of my clients:
- The company has two variations of employees - permanent and temp.
- Permanent employees have a domain-ID while temp staff works with non-domain ID.
- Permanent employees have more access than temp staff which normally works through web.
- How do I integrate the authentication for the two scenarios?
To explain the problem technically, permanent employees would login through Windows authentication mode - handled through a domain controller internally where as the temp staff needs Forms authentication since they don't have a domain-ID.
In the current scenario it is kind of impossible. I posted this problem on newsgroups some time back (around 6 months) to which Paul was courteous enough to send his then unpublished article. The article is now available here
Look at the solution. You get an estimate of the pains? Still not.. try ahead to implement it.
I thought of making a custom authentication mode whereby users can add their own custom authentication modes. It would also be possible to allow more than one mode to work simulaneously.
Well, at the face of it, the authentication modules - WindowsAuthenticationModule, FormsAuthenticationModule and PassportAuthenticationModule - are added to <httpModules> section in machine.config but the modules come into action based on the "Mode" value given in <authentication> section.
See my next posting on Unified Authentication
