Step 05 of 10 · 2 weeks · advanced
Step 5: Design Authentication
Plan the move from Windows Authentication (typical for WinForms) to web auth (OAuth / JWT via an IdP).
When you're done
Verify these in your own work before moving on
This is a checklist for you to mentally tick off in your repo and IDE — the site doesn't track it, you do.
- Auth strategy documented at /docs/migration/auth-strategy.md
- Identity provider chosen with rationale
- User-identity migration plan (if moving from AD)
- Role / permission mapping designed (AD groups → JWT claims)
- MFA strategy
- Logout / session-timeout policies
Common pitfalls
What goes wrong at this step
- Trying to keep Windows Auth — possible with Kerberos middleware but complicated; usually better to move to OAuth
- Rolling your own IdP — almost always wrong; use Azure AD / Auth0
- Forgetting role mapping — Windows AD groups don't automatically translate to JWT roles
- No MFA plan — internal apps suddenly facing the internet need MFA
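
The role-mapping checklist item and the "Forgetting role mapping" pitfall, as an added example that is not part of the original page: an explicit, deny-by-default map from IdP group identifiers to application roles, applied after the JWT signature has already been validated. The class name, group GUIDs and role names are constructed for illustration, and the overage check assumes Azure AD as the IdP.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class GroupRoleMapper
{
    // Constructed mapping: IdP group identifier -> application role.
    // Azure AD emits group object IDs (GUIDs) by default, not AD group names.
    private static readonly Dictionary<string, string> GroupToRole =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["11111111-1111-1111-1111-111111111111"] = "Orders.Read",
            ["22222222-2222-2222-2222-222222222222"] = "Orders.Approve",
        };

    public static ClaimsPrincipal MapRoles(ClaimsPrincipal tokenUser)
    {
        // Azure AD replaces "groups" with "_claim_names" when a user is in too
        // many groups. Fail closed instead of treating that as "no roles".
        if (tokenUser.HasClaim(c => c.Type == "_claim_names"))
            throw new UnauthorizedAccessException("Group overage: resolve groups server-side.");
        // Keep identity claims, but drop role and group claims carried by the token.
        var kept = tokenUser.Claims.Where(c => c.Type != ClaimTypes.Role && c.Type != "groups");
        // Deny by default: groups missing from the map grant nothing.
        var roles = tokenUser.FindAll("groups")
            .Where(c => GroupToRole.ContainsKey(c.Value))
            .Select(c => GroupToRole[c.Value])
            .Distinct()
            .Select(r => new Claim(ClaimTypes.Role, r));
        var identity = new ClaimsIdentity(kept.Concat(roles), "jwt", ClaimTypes.Name, ClaimTypes.Role);
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Constructed token claims: one mapped group, one unmapped group.
        var token = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice@example.test"),
            new Claim("groups", "11111111-1111-1111-1111-111111111111"),
            new Claim("groups", "99999999-9999-9999-9999-999999999999"),
        }, "jwt"));
        var user = MapRoles(token);
        Console.WriteLine(user.IsInRole("Orders.Read") + " " + user.IsInRole("Orders.Approve"));
    }
}
```

Keeping the map in reviewed configuration makes every AD group that grants access visible in one place, which is the artifact the role / permission mapping checklist item asks for.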