views:

34

answers:

2

ASP.NET provides a basic set of Login Controls that integrate with the ASP.NET Membership and Forms Authentication providers. I wouldn't mind being able to skip re-inventing the wheel on this kind of functionality, but I'm wary that there may be security, performance or usability reasons to consider rolling my own. Are there?

+1  A: 

I used to ask the same question myself.

From the answers I got, the login controls are very good and security wise its pretty good too.

I think its when you want custom functionality things start to get a little bit difficult. If you want a basic sign in, no fuss then the built in membership will do the job well. To be fair, its actually quite complex, you can have group permission etc.

Despite its robustness, most devs that I've asked prefer to build their own, it just makes their life much easier should they need to tailor the login process to their own needs.

There's no real right/wrong answer for this..

Dal
A: 

The intrinsic login controls are quite robust and provide deep integration into the plumbing of the provider stack.

If your question is "are they weak or brittle?" the answer is a solid NO.

Unless you have a very compelling reason to re-invent the wheel you would be doing yourself a favor by using what is provided.

A surprising degree of customization can be achieved using the exposed events of the controls.

If you have a very complicated use case and/or are concerned about re-use of any customizations that you have made, only then would I suggest diverting resources to this task.

Sky Sanders