Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

User authentication and authorisation in ASP.NET MVC [closed]

Tags:

.net

authentication

asp.net-mvc

authorization

What is the best method for user authorisation/authentication in ASP.NET MVC?

I see there are really two approaches:

  • Use the built-in ASP.NET authorisation system.
  • Use a custom system with my own User, Permission, UserGroup tables etc.

I'd prefer the second option, because User is part of my domain model (and I have zero experience with ASP.NET's built-in stuff), but I'd really like to hear what people have been doing in this area.

like image 953
Neil Barnwell Avatar asked Feb 07 '09 16:02

Neil Barnwell

People also ask

How does MVC handle authentication and authorization?

For form authentication the user needs to provide his credentials through a form. Windows Authentication is used in conjunction with IIS authentication. The Authentication is performed by IIS in one of three ways such as basic, digest, or Integrated Windows Authentication.

How many types of authentication are there in MVC?

The Authentication is performed by IIS in one of three ways such as basic, digest, or Integrated Windows Authentication.

2 Answers

There is actually a third approach. The asp.net membership functionality is based on the provider model. You can write a custom provider, thus being able to provide your own implementation for how the data is stored, but retaining much of the benefit of asp.net membership.

Some articles on the subject:

http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx

http://www.asp.net/learn/videos/video-189.aspx

http://www.15seconds.com/issue/050216.htm

http://davidhayden.com/blog/dave/archive/2007/10/11/CreateCustomMembershipProviderASPNETWebsiteSecurity.aspx

like image 140
Jim Petkus Avatar answered Oct 12 '22 23:10

Jim Petkus

Go with custom. MembershipProvider is way too heavy for my tastes. Yes it's possible to implement it in a simplified way, but then you get a really bad smell of NotSupportedException or NotImplementedException.

With a totally custom implementation you can still use IPrincipal, IIdentity and FormsAuth. And really how hard is it do your own login page and such?

like image 44
Tim Scott Avatar answered Oct 12 '22 23:10

Tim Scott
Sign in to Comment

Related questions

Not sure when to use an abstract property and when not
How can I use enum in C# for storing string constants? [duplicate]
C# Version Of SQL LIKE
How to delete all files from a specific folder? [closed]
Installing Mono 3.x in Ubuntu/Debian
String format currency
Fast and compact object serialization in .NET
How to detect if machine is joined to domain?
Watermark TextBox in WinForms
Regular Expression for password validation
How to change 1 char in the string?
"The test form is only available for requests from the local machine."
Getting full path for Windows Service
Get date of first Monday of the week? [duplicate]
Catch two exceptions in the same catch block?
Why do my array of structs take up so much memory?
Single-assembly multi-language Windows Forms deployment (ILMerge and satellite assemblies / localization) - possible?
LINQ - Query syntax vs method chains & lambda [closed]
How to avoid System.IO.PathTooLongException?
Why is DateTime.Now a property and not a method?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!