April 25th, 2008, 02:46 AM
robzyc
Friend of Wrox
 

Hi Peter,

Thanks again for the reply. I will have to look into creating my own service provider, from the sounds of it, it will make the roll out a lot easier if it can tie in directly to the controls? I am currently working by consuming the events the controls raise and then working from there.

From the security POV, we really need to be working over SSL for the login process then yes? I am concerned about the login form submitting the password in plain text, is there no other way to secure this? I mean, if we hash it before sending using JScript and that is intercepted, is it possible for it to then be spoofed? (I am thinking maybe hash and salt with the user's IP or something, if the requesting IP is not as expected, then login may have been compromised?).

As for the architecture of it all, you are right, I kinda threw the exceptions in as a hack and I try not to raise exceptions wherever possible. The ReturnArgs sounds nice, and of course leaves room for extensibility. The callback delegates sound really nice! Especially coupled with something like SuccessArgs/FailedArgs, you could have plenty of room for movement, as well as a clean logical "if" in the code. Thanks! :)

I am finding this an interesting topic of discussion, thanks :)

Rob
http://robzyc.spaces.live.com
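
Added example, not part of the original post: the replay question raised above, modelled in Node.js so the outcome of each scheme can be checked. The three login functions, the sample password and the IP addresses are constructed for illustration, the IP binding is one assumed way to build the "salt with the user's IP" idea, and the one-time nonce scheme is not proposed in the post and is included only for contrast.

```javascript
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest('hex');
const same = (a, b) => a.length === b.length &&
  crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));

// Constructed sample account: the server keeps only the password hash.
const PASSWORD = 'correct horse battery';
const STORED_HASH = sha256(PASSWORD);

// Scheme 1: the browser script sends sha256(password) instead of the password.
function loginStaticHash(submitted) {
  return same(submitted, STORED_HASH);
}

// Scheme 2 (assumed construction): the hash is additionally keyed to the
// client IP, and the server recomputes it from the request's source address.
function loginIpBound(submitted, sourceIp) {
  return same(submitted, hmac(STORED_HASH, sourceIp));
}

// Scheme 3 (not from the post): the server issues a random single-use nonce
// and the browser answers with HMAC(sha256(password), nonce).
const outstanding = new Set();
function issueNonce() {
  const nonce = crypto.randomBytes(16).toString('hex');
  outstanding.add(nonce);
  return nonce;
}
function loginNonce(submitted, nonce) {
  if (!outstanding.delete(nonce)) return false; // unknown or already used
  return same(submitted, hmac(STORED_HASH, nonce));
}

// Each "captured" value is exactly what crosses the wire on a non-SSL login.
function demo() {
  const r = {};
  r.staticReplay = loginStaticHash(sha256(PASSWORD));
  const ipToken = hmac(STORED_HASH, '203.0.113.7');
  r.ipReplayOtherIp = loginIpBound(ipToken, '198.51.100.9');
  r.ipReplaySameIp = loginIpBound(ipToken, '203.0.113.7');
  const nonce = issueNonce();
  const answer = hmac(STORED_HASH, nonce);
  r.nonceFirstUse = loginNonce(answer, nonce);
  r.nonceReplay = loginNonce(answer, nonce);
  return r;
}
```

In schemes 1 and 2 the value on the wire works as the password itself for any request the server sees as coming from the same address. None of the three schemes protects the login page and its script from being altered in transit, which is what SSL covers.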