I have used ASP.NET 2.0 Membership Provider in the past for sites with Forms authentication.
I'm working on a new site in ASP MVC 3, and I'm curious if there are any more modern, better, more secure, membership/security implementations than the .NET 2.0 Membership Provider built in to .NET 4.0, or Open Source, etc.
If they exist, what kinds of security goodies do they support?
I've read this question and answers and I understand the benefits for using a built-in solution but I'm curious if there have been any major improvements since .NET 2.0's built in solution.
I don't want to "roll my own" because of the risks involved in getting it wrong.
Thanks.
The ASP.NET membership provider is a feature that enables ASP.NET developers to create Web sites that allow users to create unique user name and password combinations. With this facility, any user can establish an account with the site, and sign in for exclusive access to the site and its services.
Authorization is the process of checking whether the user is permitted to perform the requested action. Membership providers in ASP.NET MVC. Role-based authentication for users in ASP.NET MVC.
This instance is of type IPrincipal. IPrincipal is a special interface used to represent different identity types inside ASP.NET. It holds an IIdentity that represents the user identity plus its roles as an array of strings.
The membership element is a sub-element of the system.web section. You can enable ASP.NET Membership for an application by directly editing the Web.config file for that application, or you can use the Web Site Administration Tool, which provides a wizard-based interface.
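As an added illustration of the Web.config editing described above (not part of the original question or answers), this is a membership section for the built-in SqlMembershipProvider with its security-relevant attributes set explicitly. The provider name, connection string name, applicationName, loginUrl and the numeric thresholds are assumptions to adapt.

```xml
<!-- Added example. HardenedSqlProvider, AppMembershipDb, /MyApp and the
     loginUrl are hypothetical names; thresholds are illustrative. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL keeps the auth ticket off plain HTTP;
           UseCookies keeps the ticket out of URLs;
           protection="All" encrypts and validates the ticket. -->
      <forms loginUrl="~/Account/LogOn" timeout="20" slidingExpiration="true"
             requireSSL="true" protection="All" cookieless="UseCookies" />
    </authentication>
    <!-- Applies HttpOnly and Secure to cookies the application issues. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
    <!-- hashAlgorithmType is set explicitly instead of relying on the
         framework default. -->
    <membership defaultProvider="HardenedSqlProvider"
                hashAlgorithmType="HMACSHA256">
      <providers>
        <!-- Drop inherited providers so only this one is active. -->
        <clear />
        <!-- Weak settings to avoid: passwordFormat="Clear" or "Encrypted"
             together with enablePasswordRetrieval="true" leaves passwords
             recoverable. "Hashed" with retrieval disabled allows reset only.
             maxInvalidPasswordAttempts and passwordAttemptWindow (minutes)
             control lockout after repeated failures. -->
        <add name="HardenedSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="AppMembershipDb"
             applicationName="/MyApp"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
  </system.web>
</configuration>
```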
I haven't heard of anything more secure over the shipped asp.net providers, however, I do like using Altairis Web Security.
What I liked best about these guys is the deployment is much simpler than the shipped providers, alternative storage methods (plain-text or XML files, handy for small intranet sites with no roles to implement) to a dead-simple three-table implementation of the SqlMembershipProvider.
There is also WIF (Windows Identity Foundation), which leverages SAML tokens to perform federation identity. This approach allows you to externalize your Identity requirements to an external and specialized platform.
While the solution proposed by Rocjoe is designed for simple and small applications, WIF is designed to simplify big ones.
Personally, I like the modularity and separation provided by WIF.
However, be aware that deploying an Identity Federation platform can have a quite steep learning curve, and requires an SSL certificate. It can be worth the investment however.