That extra XWord Info Log In

Did you notice that you recently had to log back into XWord Info for no apparent reason? Here’s the explanation. Note, this post gets increasingly technical, so feel free to bail when you get bored.

TL;DR: Just log back in when you’re asked, and everything will work fine.

Programming the crossword-friendly ENIAC.

What happened?

The short answer is, we switched our underlying authentication system. This code handles user accounts and passwords and logging on and making sure you have access to everything you’ve paid for. Consequently, you got logged off the old system and you had to re-enter your name and password credentials. (If your browser auto-fills, you just had to hit Enter.)

Many files had to change for this switch to work, and it’s possible, even likely, that things broke. Please let us know if you find any bugs.

So, why?

When XWord Info was created, it used the best authentication system available for our C# code at the time, called ASP.NET Membership. That was a long time ago, and Membership is no longer well-supported. Instead, everyone (Facebook, PayPal, Google, Apple, etc.) supports systems based on the open standard called OAuth. There are advantages (it’s more secure, it interoperates with everyone) and disadvantages (it’s not trivial to use), but it’s supported, and it works, and it sets us up for growth in the future. We already had some OAuth code in use. PayPal uses it to tell us when people purchase or upgrade accounts.

Every few years, as we add more resource-hungry features and we acquire more users, we look at upgrading our infrastructure. We run on multiple servers now, and things mostly hold together fine. Still, reliability isn’t what we’d like, and performance (how fast the page you request gets calculated and displayed) is mostly good but sometimes not.

Unfortunately, the next step up is a big one. We’d need to move to one of the vast cloud-infrastructure operations like Amazon Web Services or, more likely, Microsoft Azure. They don’t support the old authentication system, though, so any thought of upgrading requires a switch to OAuth first. So now we’re on OWIN, the OAuth implementation for ASP.NET, and the sky’s the limit.

Your thoughts?