With the increasing need of using third party services, such
as e-commerce, convention registration, web content management, etc.,
transferring user (customer) data from our database to a third party service
provider becomes more frequent and more complicated. Due to different data
storage infrastructures and security restrictions, there is no direct
communication between our database and the third party database. One way to
transfer data is to develop a scheduled data sync process which generates data
files (text files) and sends our data to the third party at certain time
interval. This seems to be straight forward and simple. But it has several
fundamental issues as listed below that cannot be easily resolved.
Sooner or later Data becomes out of sync.
Changes occurring in our database cannot be transferred to the
third party until the next scheduled run. Therefore, the third party database
is not up to date.
There is a need to create a different data transfer mechanism for
each third party due to different business requirements. It is difficult to
manage the multiple data sync processes.
Each third party has its own authentication process. Our users
end up with several sets of user names and passwords. This is inconvenient for
users and often confusing.
Cross site authentication (form authentication) and data
transfer use a “single sign-on” approach in which the user is always brought to
our authentication site to sign on. After being successfully authenticated, the
user is then redirected to a third party site where the third party application
calls our authentication web service to confirm the user’s authentication
status and to retrieve a complete set of user data to update its database.
In this article I will share one methodology using ASP.NET
form authentication with the development communities. Certainly there are
better ways to do this than what I am about to discuss here. Please feel free
to send your feedbacks. I would like to learn from you as well.