tags:

views:

405

answers:

3
+5  Q: 

New site creation and security/authentication,- should I use ASP.net Membership Provider?

There seem to many ways to skin this particular cat - but which is the best and easiest to implement. It would seem that the ASP.net Membership Provider is the one that will save more time, so my questions are:

  1. What are the pros/cons of Membership?
  2. How do you integrate the auto generated user db with your own custom made db? e.g customers/orders/products db. (We are talking MS Sql here BTW)
  3. Where can I find a good tutorial thats up do date?

Many thanks.

+5  A: 

Membership is lightweight and easy to set up. You can also use the various providers to use Active Directory or some other member location.

You shouldn't need to integrate the databases, you can use one to authenticate users and then as long as they are valid, go query another database for the data. This is a good way to keep information seperate for security reasons.

For a good tutorial, I'd suggest: http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx

And if you want to create your own membership provider: http://www.asp.net/learn/videos/video-189.aspx

Tom  2008-10-02 13:17:34
+1  A: 

Tutorials - there are a series of good tutorials on the ASP.Net site. We have used the membership provider facilities, and have it integrated with our database - we use the "user name" value as a foreign key to our own tables with additional "business" information.

The system works well with minimal coding.

Ken Ray  2008-10-02 13:19:54
+3  A: 

Overall I give it a thumbs up, but there are several minor cons I can think of:

  • Roles are just strings, there's no way to attach additional information to them without rolling your own code.
  • Some of the Login controls don't set their default button properly, so hitting the "enter" key while in an input field does nothing. You can fix this by setting it yourself.
  • No default way to require numbers in a password, just symbols.
  • Login controls w/ SqlMembershipProvider don't display specific "user is locked out" messages.

Either a con or a pro, depends on your point of view:

  • User names are case-insensitive in the SqlMembershipProvider
Greg  2008-10-02 13:37:40
You could add a regular expression to require numbers by setting the passwordStrengthRegularExpression attribute.
Even Mien  2009-04-16 16:33:07
User names are not case sensitive in the SqlMembershipProvider.
Jim Evans  2009-05-27 15:00:32

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?