This project has moved and is read-only. For the latest updates, please go here.

Some thoughts on Authentication

Jul 21, 2009 at 10:38 PM
Edited Jul 21, 2009 at 10:44 PM

I am working with you library and noticed that in the Desktop Authentication there is no way to prevent the URL from being launched -- have you given any thought to making this a conditional execution -- maybe based on a boolean property? 

I am also curious if you would consider the same type of request for the UsernamePasswordAuthorization class -- allowing a property to be set to indicate if the password prompt should be used or not.

 The reason behind the requests is that I am looking to create a non-interactive background application (windows service and or WCF service) and both of these features require user interaction.

I noticed you might be thinking along these lines with one of the more recent checkins which includes the MvcOAuthAuthorization -- the only issue with this is that it breaks my build as I do not have Mvc installed.

Jul 22, 2009 at 3:33 PM

Hi Ravensorb,

The dialogs appear only on first launch.  After that the necessary authorization credentials are cached in the local user account so it can be non-interactive from then on.

What would you do instead of prompting the user for credentials?  Get the credentials some other way, or just display the public feed without ever collecting credentials?

(The latter scenario, if broken, is a non-intentional omission... I definitely didn't mean to break public access w/o credentials).

Jul 23, 2009 at 2:15 AM

So the problem with this is the it means the library can only be used in an application that is running interactively -- what about running as an NT service in the background or in a WCF call or in an ASP.NET server control.  Non of these can display a windows forms dialog which is what the Kerr library seems to be doing. 

Since it is possible to pass in credentials, am was a little surprised to see that the library provided this functionality.  What about providing an event that the call can subscribe to and implement their own "request for password".  That way it can be retrieved from anywhere (data store, data base, user, etc).

Jul 23, 2009 at 2:29 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Jul 27, 2009 at 3:58 PM

Any thoughts on the the comments I left in the work item?