Assuming that you disallow anonymous logins, if you create an implementation of the IEntityLoginManager interface on the server, you must return an IPrincipal which exposes an IsAuthenticated property. Does this IsAuthenticated property effect the behaviour of the EntityManager at all, or is it just a value to be referenced manually in code?
The reason why I ask is thus; say we have a username and password for the user to enter on the login screen and they have forgotten their username (not that unlikely!). Say we have some "Forgotten your username?" and "Forgotten your password?" links, we want these to be able to prompt the user for some other data, like their e-mail address, and be able to look up the required information in the database. Obviously this requires a connection to the server, so could I log in and return an "unauthorized user" to then use to lookup the relevant user data? If so, is there a "best strategy" for limiting the access of this unauthorized user?