Using OpenID for site administration

So I've read over several questions here about the pros and cons of using only OpenID for your website/app. Every question I read seemed to be in the context of OpenID for your users/visitors. What I am considering is using it for the administrative portion of the web app as well.

Is this nuts?

It seems counterproductive to go with OpenID only for the consumer-facing portion of our web app (to both decrease dev time and reduce sign-up friction) but then spend the time to build an authentication/authorization system for the administrative portion of our app.

The administration with OpenID would be implemented with a white list in the DB so not just anybody could stumble into the admin area and start making changes.

I've also toyed with the idea of breaking the administration (FWIW it's implemented as an ASP.NET MVC area) totally out of the app and into a secondary locked down VPN connection but that seems extreme.


I've done the same thing with OpenID. In my scenario a user has to be manually granted administrative privileges. But as far as infrastructure goes, everything else is identical to the way a typical user's login works.

As long as you can trust the OpenID providers that your administrator(s) are using, then I think it's reasonable enough to do this.
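The white list described in the question, combined with the provider-trust condition from the answer, can be expressed as a deny-by-default lookup keyed on both the provider and the claimed identifier. This is an added example, not code from either post; `AdminAllowList` and its members are hypothetical names, the `HashSet` stands in for the DB table, and the inputs are assumed to come from an assertion the OpenID library has already verified.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical allow-list check; all names here are illustrative.
public sealed class AdminAllowList
{
    // Stand-in for the DB table: one row per (provider authority, claimed identifier).
    private readonly HashSet<string> _rows = new HashSet<string>(StringComparer.Ordinal);

    public void Grant(string opEndpoint, string claimedId)
    {
        var key = Key(opEndpoint, claimedId);
        if (key == null) throw new ArgumentException("both values must be absolute https URLs");
        _rows.Add(key);
    }

    // Call only with values taken from an already verified assertion.
    public bool IsAdmin(string opEndpoint, string claimedId)
    {
        var key = Key(opEndpoint, claimedId);
        return key != null && _rows.Contains(key); // unknown or malformed input is denied
    }

    private static string Key(string opEndpoint, string claimedId)
    {
        Uri op, id;
        if (!Uri.TryCreate(opEndpoint, UriKind.Absolute, out op) || op.Scheme != Uri.UriSchemeHttps) return null;
        if (!Uri.TryCreate(claimedId, UriKind.Absolute, out id) || id.Scheme != Uri.UriSchemeHttps) return null;
        // Authority (host and port) is case-insensitive; path, query and fragment are compared exactly.
        // The fragment is kept because OpenID 2.0 uses it to tell recycled identifiers apart.
        return op.Authority.ToLowerInvariant() + "|" + id.Authority.ToLowerInvariant() + id.PathAndQuery + id.Fragment;
    }
}

public static class Demo
{
    public static void Main()
    {
        var admins = new AdminAllowList();
        // Constructed sample values.
        admins.Grant("https://op.example/server", "https://op.example/id/alice");
        Console.WriteLine(admins.IsAdmin("https://OP.example/server", "https://op.example/id/alice"));
        Console.WriteLine(admins.IsAdmin("https://other-op.example/server", "https://op.example/id/alice"));
        Console.WriteLine(admins.IsAdmin("https://op.example/server", "https://op.example/id/Alice"));
    }
}
```

Keying the row on the claimed identifier rather than on an e-mail address returned by the provider keeps the admin grant tied to the value the assertion actually proves.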
