I don't like reinventing the wheel, so I'm looking for an existing solution to create a simple authentication system for my application. I experimented for a while using CardSpace or OpenID inside the application, but I can't convince the management that these will be working solutions. Of course, I could just create a simple login dialog where the username, domain and (hashed) password are stored inside the database table, and I have done this many times. I hate this decision because I consider it simply weak. And I don't want to spend too much time making the entire system of login to the system as safe as possible, especially since I suspect that there must be existing solutions for this.
So, next to OpenID / OpenAuth and CardSpace, are there any other authentication solutions that can be used from the Delphi / WIN32 application?
Currently, the application will be used by many customers. Most of them are single-user environments, although it is likely that some of them will start having two to five users after adding this authentication system. But we want to support a client who needs to allow about 500 different users in one application. They extend to approximately 100 offices, but they all connect to the same SQL Server database. (MS Access is right now, but we give this user the option to use SQL Server instead.) To make it even more interesting, the client uses Citrix to centralize user systems, and the application has direct access to the SQL Server database. This is not an ideal setting, but again, the client does not pay for it. We just set up a test environment. Proof of the concept that the client will test for us. In the future, the shortcomings will be resolved. But now I need quick solutions, and one of them is a practical authentication system, where I do not need to write a lot of code.