I am trying to find out what the basic software pattern for authentication is. I've written up some toy code in LINQPad:
```csharp
void Main()
{
    var token = Login(new User { Username = @"joel@xyz.com", Password = "12345" });
    if (token.Equals(Guid.Empty))
    {
        "Authentication failed.".Dump();
        return;
    }
    else
    {
        "Authentication succeeded!".Dump();
    }
    HelloLoggedInUser(token);
}

public class User
{
    public string Username { get; set; }
    public string Password { get; set; }

    // True when the supplied credentials equal this user's credentials.
    public bool Matches(User user)
    {
        return user != null && user.Username.Equals(Username)
            && user.Password.Equals(Password);
    }
}

// The single known user that login attempts are checked against.
public static User theUser = new User { Username = @"brian@xyz.com", Password = "12345" };

// Returns a fresh token on success, Guid.Empty on failure.
public Guid Login(User user)
{
    var guid = theUser.Matches(user) ? Guid.NewGuid() : Guid.Empty;
    return guid;
}

// Stands in for any operation that requires a logged-in user.
public void HelloLoggedInUser(Guid token)
{
    if (token.Equals(Guid.Empty))
        return;
    "Hello, authenticated user.".Dump();
}
```
So, I think I have the very basic recipe down. However, I am having writer's block.
The requirement is now to write a prototype of an authentication layer that uses Dependency Injection, Inversion of Control, provides token persistence, and remains agnostic both to what type of app (Windows, web, mobile) is doing the authentication and to what means is used for storing users.
The requirement is to gin this up in the most trivial form, using a simple console app as the frontend.
Right at the present time, I do not want to utilize any frameworks such as OAuth, ASP MVC, etc. that do the work for me... I need to have a working knowledge as to what that crap is doing "behind the scenes."
Can anyone please send me any links or articles about this or point me in the right direction? I'm in that "analysis paralysis" mode where you're staring at a blank sheet of paper and going, "duhhh...." I am experienced in programming, but if I can't see the architecture in my head then my thought process really isn't all that effective.
Brian
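
A minimal sketch of the layer described in the question, as an added example that is not part of the original post: a .NET 6+ console program whose `AuthService` receives its user store and token store through constructor injection, so neither the front end nor the storage backend is baked in. All type names (`IUserStore`, `ITokenStore`, `AuthService`, `Session`, the in-memory stores), the PBKDF2 parameters, the 20-minute token lifetime and the sample account are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
var users = new InMemoryUserStore(); // composition root; all types below are illustrative
users.Add(AuthService.Enroll("brian@xyz.com", "correct horse battery staple", RandomNumberGenerator.GetBytes(16)));
var auth = new AuthService(users, new InMemoryTokenStore(), TimeSpan.FromMinutes(20));
var token = auth.Login("brian@xyz.com", "correct horse battery staple"); // constructed sample account
Console.WriteLine(auth.Validate(token) is string who ? $"Hello, {who}." : "Authentication failed.");
Console.WriteLine(auth.Login("brian@xyz.com", "12345") is null ? "Wrong password rejected." : "Unexpected login.");

public record StoredUser(string Username, byte[] Salt, byte[] Hash);
public record Session(string Username, DateTime ExpiresUtc);
public interface IUserStore { StoredUser Find(string username); }
public interface ITokenStore { void Save(string token, Session session); Session Find(string token); }

public class AuthService
{
    private readonly IUserStore _users; private readonly ITokenStore _tokens; private readonly TimeSpan _ttl;
    public AuthService(IUserStore users, ITokenStore tokens, TimeSpan ttl) => (_users, _tokens, _ttl) = (users, tokens, ttl);
    // Salted PBKDF2: the user store never holds a plaintext password.
    public static byte[] HashPassword(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 32);
    public static StoredUser Enroll(string name, string password, byte[] salt) => new(name, salt, HashPassword(password, salt));
    public string Login(string username, string password)
    {
        var user = _users.Find(username);
        // Constant-time comparison; unknown user and wrong password both yield null.
        if (user is null || !CryptographicOperations.FixedTimeEquals(HashPassword(password, user.Salt), user.Hash)) return null;
        var token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32)); // 256-bit random token
        _tokens.Save(token, new Session(user.Username, DateTime.UtcNow + _ttl));
        return token;
    }
    // Returns the username for a live token, or null when it is unknown or expired.
    public string Validate(string token) =>
        token != null && _tokens.Find(token) is Session s && s.ExpiresUtc > DateTime.UtcNow ? s.Username : null;
}

public class InMemoryUserStore : IUserStore
{
    private readonly Dictionary<string, StoredUser> _map = new(StringComparer.OrdinalIgnoreCase);
    public void Add(StoredUser user) => _map[user.Username] = user;
    public StoredUser Find(string username) => _map.TryGetValue(username, out var u) ? u : null;
}

public class InMemoryTokenStore : ITokenStore
{
    private readonly Dictionary<string, Session> _map = new();
    public void Save(string token, Session session) => _map[token] = session;
    public Session Find(string token) => _map.TryGetValue(token, out var s) ? s : null;
}
```

Replacing either in-memory store with a file- or database-backed implementation of the same interface requires no change to `AuthService` or to the calling front end.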