tags:

views:

100

answers:

3
+2  Q: 

MembershipProvider in asp.net

What is the MembershipProvider really used for? Do I need it at all? While using forms authentication I never specified any membership provider in the config file, i've been authenticating users by calling FormsAuthentication.SetAuthCookie. I've been reading quite a lot about it yesterday and I can't figure out why would i use it?

+3  A: 

The MembershipProvider is first of all a pluggable, standardised repository. If you base your authentication on MembershipProvider, you can later exchange it with another provider with no changes to your web site. Also, it is supported by standard components (the Login, LoginView, LoginStatus, LoginName and PasswordRecovery controls), and can be administered through the ASP.NET administration pages.

Tor Haugen  2009-09-18 07:24:52
but do i HAVE to use it? or can i authenticate my users successfully without even knowing whar membershipprovider is?
agnieszka  2009-09-18 07:28:40
Of course you don't have to. It's there for your convenience. All you need to do forms authentication is some code to check the username/password and call the FormsAuthentication methods.
Tor Haugen  2009-09-18 07:44:45
+3  A: 

It is a very handy thing as Tor already said.

If you use the default controls for usermanagement/login/password reset etc, then you can just change a web.config setting, and your users are able to use another mechanisem to authenticate.

There are providers for AD, for SQL Server for ADAM, for Federrated Login and some more. It is not that important when you develop an intranet application, since you will most likely rely on NTLM or kerberos, but when you publish to the web it gets quite handy.

There is also a 2nd component to this provider, the roleprovider, which is another repository that can be used to handle roles in your application

Heiko Hatzfeld  2009-09-18 07:31:28
+2  A: 

I don't think its that useful if you don't use the built in controls.

What you can do is just implement a membership provider with all methods throwing NotImplementedException, and implement as you find out what methods are actually used. Its just 2 or 3 if i remember correctly.

The RoleProvider is more useful, i use a provider with just the GetRolesForUser method implemented, so i can use the built in support for role-based authorization.

AndreasN  2009-09-18 07:45:53
Yes, the controls help, but I think its usefull since it also stores the passwords hashed and provides methods for resetting the passwords etc
Heiko Hatzfeld  2009-09-19 01:25:03

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps