What alternatives are there for asp.net forms authentication?

Question

We are developing a web app that will have a pretty complex user and permission system.

The general idea is that we have 3 levels of security:

• a simple user - that can only access basic data that is in a data repository
• a manager - that can open up data repositories
• a superuser - that can open up repository factories.

each repository contains various data types(text, images, etc etc).

We are looking for authentication methods that will allow us: 1. Scalability. 2. Customization. 3. To create permissions that will effect the GUI + deny access to certain pages. 4. To create predefined roles - that will allow for easy setup of new users. 5. To create custom roles for specific users - allowing them permission sets that are different from the predefined roles.

Thanks in advance

Answer 1

What you are telling in this post is an exact description of the type of thing granted by the ASP.NET Membership system, why not use it?

Answer 2

You can do everything you require using the built-in ASP.NET Membership, Roles, and Profile functionality. I recommend checking out Scott Mitchell's excellent series of articles on how to use and customize this functionality.