tags:

views:

520

answers:

3
+3  Q: 

Recommendation for third party Asp.Net membership providers

I am working on a web application that has strict security and auditing requirements (HIPPA stuff). So we are evaluating whether we should build our own custom membership and role providers or whether there is a commercially available component that we can buy.

If you have any experience (good or bad) with third party Asp.Net membership and role providers please share your thoughts.

UPDATE: We have started evaluating the following third party components:

Port Sight Secure Access: http://www.portsight.com/Products.aspx?AliasPath=Products/Secure Access/Secure Access&CultureAlias=en-US

and Visual Guard: http://www.visual-guard.com/

Anybody know of any other third party components or have any experience with these?

+1  A: 

We have always implemented our own and made it as secure as needed (worked on some HIPPA apps).

http://www.codeproject.com/KB/aspnet/WSSecurityProvider.aspx

http://blogs.iis.net/rakkimk/archive/2008/04/11/asp-net-using-the-same-encryption-method-used-by-activedirectorymembershipprovider-to-encrypt-secret-password-answer-and-store-it-in-ad.aspx

AboutDev  2009-12-21 19:20:40
+1  A: 

I've created my own membership providers and it was a good experience. One was for MySQL, and another was a dynamic provider that delegates to other providers at runtime. It's really nice being able to plug these providers into any app and configure them from the web.config.

Most of the information I needed was found here:

I also implemented a custom MembershipUser:

How to: Implement a Custom Membership User

And here's a handy reference diagram of the ASP.NET Membership Database Schema (ASPNETDB.mdf) automatically generated by VS:

ASP.NET Membership Database Schema

Here's the blog post it came from:

ASP.NET Membership Schema

Andy West  2009-12-21 19:44:34
A: 

We have been implementing and using VG for our .NET applications and so far we are happy with it.
The most important benefits is that we have a central place to manage the authentication and the authorizations for all the company. We wanted everything to flow through a centralized security hub.

And now with the new version, we plan to implement it for our Java applications. I guess this link shows the basic infos about the version for multi technologies: http://www.visual-guard.com/EN/user-management-authentication-iam-rbac-access-control-security/identity-role-permission-audit

MAdams  2010-01-05 15:40:06

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps