Menu
I want to allow anonymous/not yet registered and registered users to post on my website.
Posts (table)
- Id (int)
- Subject (nvarchar)
- Body (nvarchar)
- UserId (uniqueidentifier)
The project uses the latest MS technologies (ASP.NET MVC 5+, C#...) How should I go about doing that?
Is ASP.NET Identity even the right solution?
What's the difference between these:
- ASP.NET Identity
- SimpleMembership
- Membership Provider
Update I need to be able to differentiate not yet registered users and record their postings in the database.
Update 2 Then have the option to migrate to a registered account. Just like how stackoverflow used to allow anonymous users. Something like this but compatible with ASP.NET Identitfy http://msdn.microsoft.com/en-us/library/ewfkf772(v=vs.100).aspx
309
Therefore, you can rest assured you are secure against attacks with AES-128 and HMAC SHA-256. However, as with any encryption or hash algorithm, it will all boil down to how secure your key is.
ASP.NET Identity is the membership system for authentication and authorization of the users by building an ASP.NET application. ASP.NET Identity is the membership system for authentication and authorization of the users by building an ASP.NET application.
ASP.NET Core Identity is a membership system that enables you to add login functionality to your application, allowing visitors to create an account and login with a user name and password from Facebook, Google or other external login providers.
The AllowAnonymous attribute in MVC is used to skip the authorization which is enforced by Authorization Filter in MVC. [AllowAnonymous] public ActionResult NonSecured() { return View();
ASP.NET Identity is the newest revision of authentication in ASP.NET. It's predecessor was SimpleMembership, which itself was an attempt to improve on the old ASP.NET Auth. Membership providers are not a separate kind of authentication system, but instead, a way to bootstrap ASP.NET Auth or SimpleMembership with additional functionality. If you had a particular login scenario not covered by the defaults, you could create a membership provider that would allow ASP.NET to interface with that system.
ASP.NET Identity supercedes everything else, and does not use membership providers. Instead, it's provides a very extensible foundation for authentication that through the use of standard APIs allows you to customize authentication in pretty much any way you like. It also has much more robust support for OAuth and external signin providers, and interfaces better with things like Active Directory, especially the Azure version in the cloud.
If you're starting on a new project go with Identity. Saying that it will remain for the forseeable future is a bit dangerous with Microsoft's seeming flavor-of-the-week approach to authentication in the past, but from my personal experience working with it, they seem to have finally gotten it right. I think you'll only see refinements and improvements going forward, rather than complete replacements.
128
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
