As an organizations develops applications to solve business problems they often end up with authentication silos. A series of mechanisms that are used to control access and manage authentication - each most commonly self contained within the respective application. The problem with this methodology is that it gets cumbersome to manage and provision as well as generally a frustration to users.
As our organization faced this problem our team elected to design a new authentication mechanism that could easily be reused and extended. We set out to author a webservices based mechanism that could easily be referenced in any .net application as well as be back-ported into legacy applications through account synchronization. This mechanism would need to provide methods for authentication, account management as well as applications specific functionality for profile based options.
In the end we ended up with a solution that is extensible to a great degree using the administration user interface. If new optional functionality needs to be added to an application using this mechanism for authentication and rights management these options can be provisioned within the user authentication system with ease.
This was a fun project be a part of and has proven to be a step in the right direction for our development team. If you have any questions about this project please reach out to me.