ASP.NET MVC Lightweight Login/Registration system

Question

I'm on my first MVC project and am at a point where I need to implement my membership system. I'm not sure whether using the out-of-the-box membership system is a good choice for me given that all I need is a simple login/registration system like the one at Digg. My UserId field is a foreign key to many other tables, which is why I think it might be easiest to use my own database with a single Users table to store id/username/email/password. At the same time I need to allow my users to authenticate via their Facebook or Twitter accounts.

What do you suggest? Should I use an over-simplified system like the one here http://mikehadlow.blogspot.com/2008/03/forms-authentication-with-mvc-framework.html, or should I create a CustomMembershipProvider to use my own DB, or should I use the out of the box solution?

Please share any good tutorials on this topic. Thanks.

Answer 1

The article you posted will be suffucient. However you want to make sure you encrypt the passwords and that you verify that the password HASHES match. Not the passwords themselves.

You will probably also want another field in your table for external id, so your user records could be forms auth based or external id.

Answer 2

Rolling your own security stack is an exercise fraught with peril. It may seem simple on the surface but there are less than obvious issues that will only appear when you are three days in with no sleep.

Do you want to learn MVC or do you want to break your momentum and divide your attention on something that is already implemented for you?

You can always go back and replumb the membership system at a later date.

Just my advice: never roll your own when what is present can serve.