I've read from a few individuals (Simone Chiaretta, Sebastien Lambla) that "you should remove the AccountController" from your ASP.NET MVC apps, but without much reason. I'm currently using it in one intranet site and am working on a second that will be considerably more widely used. What is wrong/bad about the default code that makes it undesirable?

+1  A: 

Simone elaborates in comments. I have to disagree with him a little, though. Correctly implementing an authorization filter is not "easy." The first MVC previews got it wrong! In general, nothing which touches the area of security is "easy." However, the criticism of coupling is valid. Even if you use forms auth -- and you probably should use some off-the-shelf authentication if you're not a security expert -- the coupling is bad.

Craig Stuntz
So, in your opinion, if one were to take the default example and refactor it to decouple and perhaps provide some separation of control then it would be "mo' better"?
Nick DeVore
Well, that's what I actually did, so I sure hope so. :)
Craig Stuntz