Authentication component options for large .NET websites

Question

What do large websites built in .NET use for their login components?

I will be implementing the login and membership features of a large .NET web application. As I see it, there are 4 options:

1. Leverage the default Microsoft Membership Provider
2. Build a custom Membership Provider
3. Use a different 3rd Party Component
4. Build an entirely custom login/authentication framework

I am trying to optimize for reliability, so I would like to know if sites like MySpace or PlentyOfFish have already established a best practice in this area. The real motivation for this question is I want to validate that the MS Membership Provider strategy will scale well.

I know StackOverflow uses OpenID, but I don't think that would be a good solution for what I am working on as a lot of my prospective users will be non-technical. Feel free to pitch why OpenID should be considered if you believe strongly in it.

Answer 1

Always rely as much as possible on platform-provided tools for security tasks such as authentication.

In this case, that likely means inheriting from one of the stock MembershipProviders. That will let you re-use all the existing code for the provider, plus any tweaks you need to make it work with your existing system. It's possible you can find a 3rd party component that works well for you that already does this.

Answer 2

I'll suggest MemberProtect.net as a solution to consider. It's our user authentication & data security product primarily used on secure asp.net websites within the financial industry.

You can check it out at http://www.memberprotect.net If reliability is one of your primary concerns, then MemberProtect is a very good choice as it is a mature product and well trusted.

Jason