I am trying to find out what is the basic software pattern for authentication. I've written up some toy code in LINQPad:

C#
void Main()
{
	// Login with a specific username and password.  
	// If success, then token will contain a new GUID.
	// If failure, Guid.Empty is returned.
	var token = Login(new User {Username = @"joel@xyz.com", Password = "12345"});
	if (token.Equals(Guid.Empty))
	{
		// authentication failed
		"Authentication failed.".Dump();
		return;
	}
	else 
	{
		"Authentication succeeded!".Dump();
	}
	
	HelloLoggedInUser(token);
}

// Define other methods and classes here

///<summary>
/// Defines a user by their username and password.
///</summary>
public class User
{
	///<summary>
	/// The user's username, usually their email address.
	///</summary>
	public string Username { get; set; }
	
	///<summary>
	/// The user's password.  Should be encrypted.
	///</summary>
	public string Password { get; set; }
	
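	///<summary>
	/// Compares the supplied user's username and password with this user's.
	///</summary>
	///<returns>
	/// True if both the username and the password are equal; otherwise false.
	///</returns>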
	public bool Matches(User user) 
	{
		return user != null && user.Username.Equals(Username)
			&& user.Password.Equals(Password);
	}
}

public static User theUser = new User { Username = @"brian@xyz.com", Password = "12345" };

public Guid Login(User user)
{
	// Check if the user inputted matches our valid 'theUser', by whatever
	// criteria are in the Matches() method. If so, then generate a new token
	// (GUID) or return the Empty GUID
	var guid = theUser.Matches(user) ? Guid.NewGuid() : Guid.Empty;
	return guid;
}

///<summary>
/// The method that will only work for an authenticated user.  
/// Save the token produced by the Login() method!
///</summary>
public void HelloLoggedInUser(Guid token) 
{
	if (token.Equals(Guid.Empty))
		return;
		
	"Hello, authenticated user.".Dump();	
}


So, I think I have the very basic recipe down. However, I am having writer's block.

The requirement is now to write a prototype of an authentication layer that uses Dependency Injection, Inversion of Control, provides token persistence, and remains agnostic both to what type of app (windows, web, mobile) is doing the authentication, and is also agnostic as to what means is used for storing users.

The requirement is to gin this up in the most trivial form, using a simple console app as the frontend.

Right at the present time, I do not want to utilize any frameworks such as OAuth, ASP MVC, etc. that do the work for me...I need to have a working knowledge as to what that crap is doing "behind the scenes."

Can anyone please send me any links or articles about this or point me in the right direction? I'm in that "analysis paralysis" mode where you're staring at a blank sheet of paper and going, "duhhh...." I am experienced in programming, but if I can't see the architecture in my head then my thought process really isn't all that effective.

Brian
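
One way to lay out the layer the question describes, as an added example that is not part of the original post: the console app injects an `IUserStore` and an `ITokenStore` into `AuthService`, passwords are kept as salted PBKDF2 hashes rather than compared as plain strings, and tokens come from a CSPRNG and carry an expiry. All type and member names here (`AuthService`, `IUserStore`, `ITokenStore`, `StoredUser`, `WhoIs`, the in-memory stores) are hypothetical, and the code assumes a .NET 6 or later console project.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
// Composition root: the front end (console here) chooses the concrete stores and injects them.
var salt = RandomNumberGenerator.GetBytes(16);
var users = new MemoryUserStore();
users.Add(new StoredUser("brian@xyz.com", salt, AuthService.Hash("12345", salt))); // sample user from the question
var auth = new AuthService(users, new MemoryTokenStore());
var token = auth.Login("brian@xyz.com", "12345");
Console.WriteLine(token is null ? "Authentication failed." : $"Hello, {auth.WhoIs(token)}.");
// Storage abstractions: AuthService never learns where users or tokens are kept.
public record StoredUser(string Username, byte[] Salt, byte[] Hash);
public interface IUserStore { StoredUser? Find(string username); }
public interface ITokenStore
{
    void Save(string token, string username, DateTime expiresUtc);
    string? Resolve(string token, DateTime nowUtc);   // null if unknown or expired
}
public sealed class AuthService
{
    private readonly IUserStore _users; private readonly ITokenStore _tokens;
    public AuthService(IUserStore users, ITokenStore tokens) { _users = users; _tokens = tokens; }
    public static byte[] Hash(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 32);
    public string? Login(string username, string password)
    {
        var user = _users.Find(username);
        // Run the KDF even for unknown users so both failure paths cost the same.
        var computed = Hash(password, user?.Salt ?? new byte[16]);
        if (user is null || !CryptographicOperations.FixedTimeEquals(computed, user.Hash)) return null;
        var token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32)); // CSPRNG rather than Guid.NewGuid()
        _tokens.Save(token, user.Username, DateTime.UtcNow.AddMinutes(30));
        return token;
    }
    public string? WhoIs(string token) => _tokens.Resolve(token, DateTime.UtcNow);
}
public sealed class MemoryUserStore : IUserStore
{
    private readonly Dictionary<string, StoredUser> _byName = new(StringComparer.OrdinalIgnoreCase);
    public void Add(StoredUser user) => _byName[user.Username] = user;
    public StoredUser? Find(string username) => _byName.TryGetValue(username, out var u) ? u : null;
}
public sealed class MemoryTokenStore : ITokenStore
{
    private readonly Dictionary<string, (string User, DateTime Expires)> _live = new();
    public void Save(string token, string username, DateTime expiresUtc) => _live[token] = (username, expiresUtc);
    public string? Resolve(string token, DateTime nowUtc) => _live.TryGetValue(token, out var t) && t.Expires > nowUtc ? t.User : null;
}
```

Swapping `MemoryUserStore` or `MemoryTokenStore` for a database- or file-backed class changes only the composition root; `AuthService` and its callers stay the same.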
Comments
BillWoodruff 25-Sep-14 4:27am    
I suspect someone here can help you (not I) if you define what "uses Dependency Injection, Inversion of Control, provides token persistence" each means in the context of the LogIn process. As in: use DI for ... what ?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


