Should an application handle user credentials?

I think the answer is ‘no’ or ‘only under special circumstances’ (see Exceptions below) but would be interested in your comments. By ‘own credential management’ I mean have own store of user names AND passwords and code to challenge users for the credentials, create them, reset passwords, etc. The alternative I am recommending is for the application to use […]

ASP.NET WebForms OAuth2 multi-tenant resource and WPF client

Most published WebAPI samples (e.g. are based on the MVC and OWin infrastructure, which is not available in WebForms applications. Following is a custom implementation of an OAuth2 access token handler presented by a WPF rich client application. The WPF is responsible for managing the OAuth code grant flow to obtain the token and present […]