The HybridAuthProvider allows the use of multiple USER authentication providers. Some providers are read only, ie LDAP/AD, while others can be writable to a back-end database. I'm looking for feedback on how everyone thinks conflict resolution should work. For example. if multiple providers have the same username, which one should be used to authenticate?
1.) read-only regardless of ordering, then writable providers in order they are listed (ie primary, secondary, tertiary)?
2.) solely based on ordering in the configuration (primary, secondary, tertiary)
3.) another way?