PDA

View Full Version : Authentication question



hlogmans
11-18-2002, 09:36 AM
I want to authenticate users, but i don't want them to be able to enter the information themselves. Is it possible to send the authentication info immediatly without user interface?

I want the users to register on a website and then have a special code sent to them and a value registered on their computer (by the program). When they want to get an update, they are automatically authenticated with this code and their email address.

Is this possible? And how?

Chris Woerner
11-18-2002, 10:26 AM
The short answer is "no".

The long answer is that we are headed there. We are planning to offer a server side setting that tells the Update Service where to read the information for authentication (instead of having the customer type it).

There are two key questions in our minds:

1. We need to find the information quickly. This limits us to reading a registry key or possibly a section of an ini file that was installed with the application (so we know where it is installed). Where do you store the code and email?

2. There is a question of privacy when you are reading data from the user's PC. We are considering showing the data that will be sent, if the customer desires. Would this work for you, or shoud the code never be shown?

hlogmans
11-18-2002, 10:53 AM
Data will be stored in the registry during installation.

It is OK to show the information to the customer. It will probably consist of the following information:

user name and company, and emailadress and installation date.

Just to make sure the user registered on the site with valid (and confirmed) date. The code consists of the installation date and time (encrypted) to detect and prevent people using the same account. If someone tries to update his version but the installation time/date differs then the update is refused and an email is sent explaning what happened. On the website using account details someone can refresh his installation date (once in a month or so).

If making new features, maybe the update service should be able to handle an url passed by the authentication-function when an update is refused. So different messages can be displayed for different situations.