posted 19 years ago
Here are some reasons why we control authentication with a filter:
The modification to web authentication will allow us to provide seamless single sign-on integration between the rich client and the web client. The current implementation requires multiple authentications into the server. This is prohibited in an OTP (one-time password) scenario where the credentials are invalidated after the first authentication request. By managing the authentication ourselves, we can maintain both the web and rich client authentication within a single authenticated server session.
If the authentication process is controlled by us, we can invalidate a user's web session outside of the normal timeout periods. This will enable additional features for user administration such as kicking users out of the application while they are currently within a valid session.
In addition, we will be able to gather additional information on the login page, an assured single point of entry into the application, that can be leveraged throughout the application. For example, timezone offset can be gathered at that single point of entry and used to provide localized dates and times throughout the application.
No more rhymes! I mean it!

Does anybody want a peanut?
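The three reasons in the post above, shown as an added example that is not part of the original post or the poster's code: a servlet filter that accepts the one-time password once, keeps one server session per user, lets an administrator end that session early, and records the timezone offset at login. The class name, the `user`, `otp` and `tzOffset` parameter names and the `verifyOtp` hook are assumptions, as is the `javax.servlet` API being on the classpath.

```java
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example with hypothetical names; verifyOtp() stands in for the real OTP check.
public abstract class SingleSessionAuthFilter implements Filter {
    // user -> id of the one session currently accepted for that user (assumed policy)
    private static final Map<String, String> ACTIVE = new ConcurrentHashMap<>();

    protected abstract boolean verifyOtp(String user, String otp);

    // Administrative "kick": the user's session is rejected on its next request,
    // regardless of how much of the normal timeout is left.
    public static void kick(String user) { ACTIVE.remove(user); }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);
        if (session != null) {
            String user = (String) session.getAttribute("user");
            if (user != null && session.getId().equals(ACTIVE.get(user))) {
                chain.doFilter(rq, rs);   // authenticated; the OTP is not asked for again
                return;
            }
            session.invalidate();         // kicked, superseded or never authenticated
        }
        String user = req.getParameter("user");
        String otp = req.getParameter("otp");
        if (user == null || otp == null || !verifyOtp(user, otp)) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        HttpSession fresh = req.getSession(true);   // new id after login, no fixation
        fresh.setAttribute("user", user);
        // Collected once at the single point of entry, reused for localized dates.
        fresh.setAttribute("tzOffset", req.getParameter("tzOffset"));
        ACTIVE.put(user, fresh.getId());
        chain.doFilter(rq, rs);
    }
}
```

A rich client that sends the same session cookie passes through the first branch, so the one-time password is presented to the server only once. Entries for sessions that expire by timeout stay in the map until the next login or `kick`; an `HttpSessionListener` could remove them.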