Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are there more modern Membership/Security implementations than ASP.NET Membership Provider

I have used ASP.NET 2.0 Membership Provider in the past for sites with Forms authentication.

I'm working on a new site in ASP MVC 3, and I'm curious if there are any more modern, better, more secure, membership/security implementations than the .NET 2.0 Membership Provider built in to .NET 4.0, or Open Source, etc.

If they exist, what kinds of security goodies do they support?

I've read this question and answers and I understand the benefits for using a built-in solution but I'm curious if there have been any major improvements since .NET 2.0's built in solution.

I don't want to "roll my own" because of the risks involved in getting it wrong.

Thanks.

like image 446
J.r. Hounddog Avatar asked May 29 '11 14:05

J.r. Hounddog


People also ask

What is asp net membership provider?

The ASP.NET membership provider is a feature that enables ASP.NET developers to create Web sites that allow users to create unique user name and password combinations. With this facility, any user can establish an account with the site, and sign in for exclusive access to the site and its services.

What is membership in ASP NET MVC?

Authorization: It is the process of checking that the user is applicable for the process or not. Membership providers in ASP.NET MVC. Roles based authentication for user in ASP.NET MVC.

Which instance holds the user identity in an ASP.NET page?

This instance is of type IPrincipal . IPrincipal is a special interface used to represent different identity types inside ASP.NET. It holds an IIdentity that represents the user identity plus its roles as an array of strings.

What is membership in web config?

The membership element is a sub-element of the system. web section. You can enable ASP.NET Membership for an application by directly editing the Web. config file for that application, or you can use the Web Site Administration Tool, which provides a wizard-based interface.


2 Answers

I haven't heard of anything more secure over the shipped asp.net providers, however, I do like using Altaris Web Security.

What I liked best about these guys is the deployment is much simpler that the shipped providers, alternative storage methods (plain-text or XML files, handy for small intranet sites with no roles to implement) to a dead-simple three-table implementation of the SqlMembersipProvider.

like image 158
Rocjoe Avatar answered Oct 07 '22 19:10

Rocjoe


There is also WIF (Windows Identity Foundation), wich leverages SAML tokens to perform federation identity. This approach allows you to externalize your Identity requirements to an external and specialized platform.

While the solution proposed by Rocjoe is designed for simple and small applications, WIF is designed to simplify big ones.

Personally, I like the modularity and separation provided by WIF.

However, be aware that deploying an Identity Federation platform can have a quite steep learning curve, and requires an SSL certificate. It can be worth the investment however.

like image 29
Eilistraee Avatar answered Oct 07 '22 20:10

Eilistraee