User Login
As a [Registered User], I want to [Log In], so I can [accomplish my time tracking task].
The page to support this story should have the following components:
- User ID Textbox
- Password Textbox
- Invalid Login Text (hidden until needed)
Scenarios:
Success - valid user logged in and referred to dashboard.
Failure - display Invalid Login Text
- User not found: "Please contact system administrator."
- Invalid Credentials: "Invalid credentials, please try again."
on 2010-10-20 14:52 *
By jasongbarnes
Description set to As a [Registered User], I w...
Priority changed from Normal (3) to Highest (1)
Status changed from Accepted to New
Summary changed from d to User Login
on 2010-10-20 14:55 *
By jasongbarnes
Description changed from As a [Registered User], I w... to As a *[Registered User]*, I...
Please estimate. An amazing GUI is not key at this point.
I was thinking about this story (User Login), and I know it is too early to discuss it in detail, but perhaps it is good to start a discussion about the security model that we are implementing.
I noticed from our main documentation that we mentioned WIF.
Which means we are going to a security model where we implement a kind of federation, where we integrate with the clients' authentication.
Like, for example, if we have a company that wants us to read their Active Directory.
I will start by adding a document on the "Federation Security Model" in WCF, and how WIF can help us integrate it into WCF and Windows Azure.
on 2010-10-25 15:35 *
By jasongbarnes
I am strong on the technology area but I have good experience in customer needs on a hosted application. What I have seen customers (other companies) requesting is for seamless transitions between one to another. So here is a list of situations I have seen requested.
- Straight login page (end user uses hosted app to log in, supplying all information).
- A company gives the user a button to post some information to the hosted application (user still supplies validating credential, password?).
- A company authenticates the user, and just passes them to the hosted application (via whatever they use, it may be Active Directory or it could just be a login page on their site).
In the end, the hosted application needs to be flexible. We can't choose some methodology that forces the client using the hosted application to have Active Directory or some other proprietary scheme. At the same time, the hosted application should be able to add easier integration to clients that do have Active Directory.
http://azuresecurity.codeplex.com/
http://wag.codeplex.com/
Have a look at these resources and see what makes sense. I fully support the adoption of a claims-based system with perhaps a library of security providers.
There's one security example at the WAG site that looks like what we're proposing here. Azure is very different than just a hosted solution and we should know what the best practices are before making a decision. I also agree that we should not include a dependency on external proprietary infrastructure. Clients such as mobile phones and future platforms will likely not be connected to the enterprise AD domain.
Thanks for your input!
on 2010-11-23 15:17 *
By jasongbarnes
Assigned to changed from jasongbarnes to gkar68
Status changed from Accepted to New