I see a lot of articles and posts on how to create a custom MembershipProvider, but haven't found any explanation as to why I must/should use it in my MVC2 web app. Apart from "Hey, security is hard!", what are critical parts of the whole MembershipProvider subsystem that I should know about that I don't, because I've only read about how to override parts of it? Is there some "behind the scenes magic" that I don't see and will have to implement myself? Is there some attribute or other piece of functionality that will trip over itself without a properly set up MembershipProvider?

I am building a web app, using a DDD approach, so the way I see it, I have a User entity and a Group entity. I don't need to customize ValidateUser() under the provider; I can just have it as a method on my User entity. I have to have a User object anyways, to implement things not under the MembershipProvider?

So, what gives? :)

A: 

No, you don't need it. I have sites that use it and sites that don't. One reason to use it is that plumbing is already there for it in ASP.NET and you can easily implement authentication by simply providing the proper configuration items (and setting up the DB or AD or whatever).

A RoleProvider, on the other hand, comes in very handy when using the built-in AuthorizeAttributes and derivatives. Implementing a RoleProvider will save you a fair amount of custom programming on the authorization side.

tvanfosson
In my opinion implementing some sort of role provider is not that difficult. What I use now is less than 50 lines of code including custom authorization attribute.
Necros
@Necros - I didn't say it was hard, just that it's already hooked into the AuthorizeAttribute. Maybe what you're objecting to is the characterization of it as a "fair amount". To me, having to implement your own attribute when you could just use the existing one with a suitable role provider implementation qualifies.
tvanfosson
I ended up not using it in this particular instance, but mimicking it closely.
alphadogg
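
As an added illustration of the RoleProvider point in the answer above (not code from any poster in this thread): a read-only `RoleProvider` that exposes domain groups as ASP.NET roles, so the stock `[Authorize(Roles = "...")]` attribute works without a custom attribute. The class name `DomainRoleProvider` and the in-memory `Groups` table are hypothetical stand-ins for a real Group repository.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Security;

// Hypothetical read-only provider: maps domain groups to ASP.NET roles.
public class DomainRoleProvider : RoleProvider
{
    // Constructed sample data standing in for a Group repository (assumption).
    private static readonly Dictionary<string, string[]> Groups =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "Admins",  new[] { "alice" } },
            { "Editors", new[] { "alice", "bob" } }
        };

    public override string ApplicationName { get; set; }
    // With roleManager enabled, RolePrincipal.IsInRole resolves roles through this call.
    public override string[] GetRolesForUser(string username)
    {
        return Groups.Where(g => g.Value.Contains(username, StringComparer.OrdinalIgnoreCase))
                     .Select(g => g.Key).ToArray();
    }
    public override bool IsUserInRole(string username, string roleName)
    {
        string[] members;
        return Groups.TryGetValue(roleName, out members)
            && members.Contains(username, StringComparer.OrdinalIgnoreCase);
    }
    public override string[] GetAllRoles() { return Groups.Keys.ToArray(); }
    public override bool RoleExists(string roleName) { return Groups.ContainsKey(roleName); }
    public override string[] GetUsersInRole(string roleName)
    {
        string[] members;
        return Groups.TryGetValue(roleName, out members) ? members : new string[0];
    }
    public override string[] FindUsersInRole(string roleName, string usernameToMatch)
    {
        return GetUsersInRole(roleName)
            .Where(u => u.IndexOf(usernameToMatch, StringComparison.OrdinalIgnoreCase) >= 0).ToArray();
    }

    // Role management stays in the domain model, so the write side is unsupported.
    public override void CreateRole(string roleName) { throw new NotSupportedException(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
}
```

The provider takes effect once it is registered under `<roleManager enabled="true" defaultProvider="...">` in web.config; unknown users and unknown roles both resolve to "not in role", so authorization fails closed.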