#43 Forms Authentication XML issues

[Robert Brinton]

The XmlAuthenticate method does not compare
usernames, it finds the first authenticated account with
the correct password.

Add a (login.user == user) to the comparison

It appears that work was started on password
encryption, but that the work was not completed.

If the call to register new users will store the result from
HashPasswordForStoringInConfigFile in the login
structure before it is added to the list, we can make
that call here as well and just compare the hash.

This does make manual maintenance of the user file
more difficult. It would be possible to add a user
administration interface for administrators to use.

It does make it more difficult to 'tell a user what his
password is' should they forget. This might then call for
a 'reset my password' interface.

[Yann Schwartz]

Logged In: YES
user_id=785251

I'm working on this. Changes should be commited to CVS this
week-end.