Hello SO,

To learn ASP.net I started building a todo web app (web forms, not MVC). This is essentially helping me learn how ASP.net works. During this course I have also learnt about the authentication modules provided by asp.net, and to my understanding it is fairly complex, unlike what I've seen in PHP (a very limited experience in PHP).

Is it a good practice to have your own authentication module without using the traditional model provided by asp.net? By indicating my own authentication module I even want to discard the custom membership provider and have a normal implementation. In a few scenarios, you don't require much information,

As in my application,

  1. I'm planning on having only username, password, and email address. That's it; that serves the purpose for me. In this scenario, how should I go about designing the app?

  2. In a few other scenarios you require much more than what the CreateUserWizard provides. How should I go about designing this scenario?

Thank you.

+3  A: 

This is a bad idea. You don't have to implement everything included in the asp.net membership system. If all you want is username, password, and e-mail, that's all you need to use.

ALWAYS lean as much as possible on your platform's security code. You don't want to try to write this kind of thing yourself, because it's so easy to write something that seems to work in testing but still has a glaring hole for crackers that you won't ever find out about until 6 months after your site is breached and all your customers' personal information was stolen.

Joel Coehoorn
I agree completely. I've never had to implement more than 50% of the built in MembershipProvider.
jfar
@joel Thank you for the suggestion, can you give me a reference or an example on how this is implemented?
Chaitanya
@joel: Thank you, I implemented my own Membership Provider, thanks again for the suggestion.
Chaitanya
+1  A: 

Learn about how to create a custom membership provider, then see why Microsoft guys make it that way.

Actually the provider is a bridge between a User object, and its data stored in the database or another place. So a custom membership provider offers you enough flexibility.

I agree with Joel that writing your own authentication code from scratch is bad.

Lex Li
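As an added example (not code from either answer), this is how a username, password and e-mail only sign-up and sign-in can sit on top of the built-in membership API that the answers recommend. The class name `TodoAccounts` and the user-facing messages are hypothetical, and the provider settings named in the header comment are assumptions about web.config.

```csharp
using System.Web.Security;

// Added example: account code that relies on the built-in membership API
// and stores only username, password and e-mail.
// Assumptions: web.config registers a membership provider (for instance
// System.Web.Security.SqlMembershipProvider) with
// requiresQuestionAndAnswer="false", requiresUniqueEmail="true" and
// passwordFormat="Hashed", and forms authentication is enabled.
public static class TodoAccounts   // hypothetical helper name
{
    // Returns null on success, otherwise a message that is safe to display.
    public static string Register(string userName, string password, string email)
    {
        MembershipCreateStatus status;
        // Question and answer are null because the app does not collect them;
        // this only succeeds when requiresQuestionAndAnswer is "false".
        Membership.CreateUser(userName, password, email, null, null, true, out status);
        switch (status)
        {
            case MembershipCreateStatus.Success:
                return null;
            case MembershipCreateStatus.DuplicateUserName:
                return "That user name is taken.";
            case MembershipCreateStatus.DuplicateEmail:
                return "That e-mail address is already registered.";
            case MembershipCreateStatus.InvalidPassword:
                return "The password does not meet the site's policy.";
            case MembershipCreateStatus.InvalidEmail:
                return "The e-mail address is not valid.";
            default:
                // Provider errors and rejected users are not detailed to the caller.
                return "The account could not be created.";
        }
    }

    // The provider hashes and compares the password and applies its own
    // failed-attempt lockout; this code never touches the stored hash.
    public static bool SignIn(string userName, string password, bool persistent)
    {
        if (!Membership.ValidateUser(userName, password))
            return false; // same result for an unknown user and a wrong password
        FormsAuthentication.SetAuthCookie(userName, persistent);
        return true;
    }
}
```

A custom membership provider, as suggested in the second answer, plugs in underneath these same calls, so the page code does not change when the storage does.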