I have always stayed away from asp.net membership as it seemed bloated, and (at the time) untestable. In the case of asp.net MVC specifically, does anyone use an alternative solution for assigning roles to users, and storing some addition information for the logged in user? Any recommendation? Is it crazy to just roll your own, just implementing the functionality you need?
+1
A:
ASP.NET membership uses a provider model for the storage. SqlMembershipProvider inherits encrypting/hashing password functionality from the abstract MembershipProvider class. But you could also inherit from MembershipProvider and get that functionality in a custom provider if you wanted.
If you use the SqlMembershipProvider, you get a fully working membership database with full password management (checking, changing, resetting, invalid password attempts) and user management (CRUD ops, locking out users).
All of that is at an API level. You can create whatever UIs you want against the API.
Using the SqlMembershipProvider doesn't require you to use the Roles Provider or the Profile Provider or any of that other stuff, and you can roll your own for those things without impacting membership. At the very least I would recommend using the well-tested SqlMembershipProvider as the core of your security for the basic stuff.
Greg
2010-08-25 12:50:41
I guess the issue with that is when you need to extend it. Or, your existing schema doesn't match the SqlMembershipProvider db.
Roco72
2010-08-25 17:56:15
extending the SqlMembershipProvider could be problematic. Personally I use the SqlMembershipProvider in an application that primarily runs on Oracle. Those tables are just sitting in their own little database not worrying about the main business database and it seems to work well for me.
Greg
2010-08-25 18:59:29
A:
I have successfully implemented DotNetOpenAuth as a membership and role provider. It is not a full implementation but handles most common scenarios.
They provide VS templates to get you started.
Sky Sanders
2010-09-23 04:34:47