Here on the Data Services team we hear many people ask about authentication. Questions like:
The answer to these questions, depends a lot upon scenario, in fact each authentication scenario presents unique challenges:
As you can see lots of questions.
And there is a real risk that people will get their answer wrong.
So over the next month or so we – the Data Services team - are going to write a series of blog posts detailing our findings as we investigate common OData Authentication scenarios.
It’s hard to know exactly where this series will take us, because that will probably evolve as we explorer the space. We’ll learn as we go – and hopefully you will too – as we document the key distinctions and lessons that we learn along the way.
And then finally when we are done we will publish a whitepaper (or three) summarizing our findings and recommendations.
So stay tuned…
Oh and please let us know if you have any Auth scenarios you want us to explore. Alex James Program Manager Data Services Team Microsoft.
Great to see you're putting this series together, auth is always one of the most difficult things to get right (and *know* that you're doing it right).
One scenario that I'd like you to cover is auth using a 3rd party directory service. More specifically I'm thinking Facebook Connect. WLID (or the upcoming Messenger Connect) auth would also be handy.
This is our scenario: an existing ASP.NET applicaiton where authentication is handled using FormsAuthentication (ie cookie-based). The requirement now is to include RIAs (eg Silverlight with OData calls) which can run under the existing web-forms single sign-on.
Thanks for the fine series of blog posts on authentication. Have you completed the whitepaper yet? Also, where are WCF Data Services with respect to OAuth 2.0 and HATEOAS?
Handle authorization from Dallas Service on windows phone 7