Here at TrueNorth like most developers we make use of FREE open source components. Even if when you start creating something you intend to make it reusable, you cannot just make it open source and useful to someone. Just being on GIT or CodePlex does not necessarily mean people can reuse it without much help.
open sourcing modules and components does take time.
We have written a Authentication module for MVC sites that allows you to store user credentials in CRM. I have seen this done before but for many projects but not in a reusable manner and not CRM centric.
CRM Centric? what does that mean?
Well, all data is stored in CRM: user details, password and security roles.
When the user requests a password reset a “tn_passwordResetRequest” entity record is created (this name might be shortened, no entity name will be harmed during this process). This record contains the reset url. This allows you to… well do whatever you want! It’s CRM so you can easily trigger a workflow. We expect the main usage would be to send an email to the user in question. (This reset URL will only work ONCE, and if the user record is change the URL will no longer be valid)
Passwords are hashed in CRM, if you wish to change a users password you don’t need to jump through hoops. Just enter a new password in the PASSWORD field within CRM, don’t worry it will be hashed and stored securely. Alternatively, the user can reset their own password via the MVC application, in this case it is hashed on the web server and just written directly to CRM.
We hash with salt and a configurable amount of interactions, following best practises for password storage.
We don’t do anything clever to make all this happen, really we don’t.. the only clever thing we have done is built this on top of the OWIN MVC authentication standards.
What’s next to make this open source ready? We intend to document it, package up the CRM bits into a free solution for the market place, and add the code to GIT or codeplex.