开发者

Are there more modern Membership/Security implementations than ASP.NET Membership Provider

I have used ASP.NET 2.0 Membership Provider in the past for sites with Forms authentication.

I'm working on a new site in ASP MVC 3, and I'm curious if there are any more modern, better, more secure, membership/security implementations than the .NET 2.0 Membership Provider built in to .NET 4.0, or Open Source, etc.

If they exist, what kinds of security goodies do they support?

I've read this question and answers and I understand the benefits for using a built-in solution but I'm curious if 开发者_运维百科there have been any major improvements since .NET 2.0's built in solution.

I don't want to "roll my own" because of the risks involved in getting it wrong.

Thanks.


I haven't heard of anything more secure over the shipped asp.net providers, however, I do like using Altaris Web Security.

What I liked best about these guys is the deployment is much simpler that the shipped providers, alternative storage methods (plain-text or XML files, handy for small intranet sites with no roles to implement) to a dead-simple three-table implementation of the SqlMembersipProvider.


There is also WIF (Windows Identity Foundation), wich leverages SAML tokens to perform federation identity. This approach allows you to externalize your Identity requirements to an external and specialized platform.

While the solution proposed by Rocjoe is designed for simple and small applications, WIF is designed to simplify big ones.

Personally, I like the modularity and separation provided by WIF.

However, be aware that deploying an Identity Federation platform can have a quite steep learning curve, and requires an SSL certificate. It can be worth the investment however.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜