
Should I use the built-in membership provider for an ASP .NET MVC application?


Personally, I hate using the ASP.NET Membership provider that's available in the core framework ... when it persists to a SQL SERVER database. All the tables and views are such an overkill for a single website. For a hosting company? .. maybe ... but for all the enterprise sites I've done .. it's been such a fraking overkill and hassle. As to the actual provider interface, etc ... it's very good .. but still very hardcore, etc. An overkill for simple-medium sites, IMO.

So personally, I would use some simple custom code to handle membership persistence for most basic-medium websites.

This then segues to your second question: OpenId. Use Andrew Arnott's DotNetOpenAuth .NET framework -> it literally Kicks Serious Ass (tm). Using this is independent of HOW you save the user membership data to a repository. I.e. if you go ahead and use the Sql Server + ASP.NET Membership provider, you can still (and should) use DotNetOpenAuth. If you have a simple, custom way to save user details to a database (which is what I do), you can also still use DotNetOpenAuth -- the two are independent of each other.

So, IMO, don't use the overcomplicated ASP.NET Membership + Sql Server stuff but a simple table or two to save your own user details. Next, you MUST use DotNetOpenAuth for any OpenId stuff (StackOverflow uses DotNetOpenAuth to handle their OpenId login).

Good Luck :)

(I'm sure my opinions of the ASP.NET Membership provider + Sql Server to persist that info will cause a few people to nerd-rage, here).


If you have to ask, you shouldn't be writing your own provider. Doing security well is really hard. Doing it wrong is incredibly easy.

But the good news is that what you want is incredibly common, and there are tested, off-the-shelf tools which already do it. An example is Janrain. There are others, too. Use an existing, proven tool whenever possible.


Take a look at what's happening with NerdDinner. They've recently (6 months ago) integrated with OpenID, with Google, Yahoo as featured providers. They're still allowing all their 'native' logins as well. Here's an example of a site allowing the user to authenticate in different ways.

If you can mirror some of their functionality, you'd be able to roll in Facebook, OpenAuth, etc. The big benefit is that it's already been implemented in ASP.NET MVC, and you'd just have to borrow some of that implementation.