Menu
I'm updating my website at the moment and figure that if I am to update my login/security mode, now is a good time.
I have looked through the Membership model which is included in ASP.NET but I'm not convinced that it will provide any benefit apart from being familiar to other .NET developers.
There seems to be quite a lot of documentation for it, but little discussion for why its worth the effort.
Can anybody shed some light upon this?
519
ASP.NET security works in conjunction with Internet Information Services (IIS) security and includes authentication and authorization services to implement the ASP.NET security model. ASP.NET also includes a role-based security feature that you can implement for both Windows and non-Windows user accounts.
The ASP.NET membership provider is a feature that enables ASP.NET developers to create Web sites that allow users to create unique user name and password combinations. With this facility, any user can establish an account with the site, and sign in for exclusive access to the site and its services.
Authorization: It is the process of checking that the user is applicable for the process or not. Membership providers in ASP.NET MVC. Roles based authentication for user in ASP.NET MVC.
This is because if your application is not tested and validated against security threats right from the initial stages of development, it may fail to protect valuable corporate data and resources from malicious attacks.
I see little benefit to using membership for a large site. This has been marketed as 'the' solution for ASP.Net authentication. However, really it looks like Microsoft is just trying to position the old Membership Server product as soemthing that everyone all of a sudden needs.
I worked on Membership Server at Msft around 10 years ago. Was also a lead developer on shop.microsoft.com, and I can tell you we used no internal server products on that site--not commerce server, not membership server. Not sure how they are doing it now--but I think the general consensus at that point was that those type of packages generally got in the way of what we were trying to do.
It could be useful for a smaller site, or if you have limited resources... i.e. a few hundred users for a departmental or small company intranet, where you don't want to invest much time or resources. The more I look at it, the more it seems completely inappropriate for larger, custom web sites.
What I really don't understand is how almost every ASP.Net book seems to push this as the only way to do it, rather than one way to do it.
159
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
