Things to Consider in Making an "Account Controller" in ASP.NET MVC 2

I'm making a site using VS 2010 using the Empty ASP.NET MVC 2 template and I'm going to make my own AccountController for the Log-in/Security.

Having the DB ready and taking into account that I need to make the Model for the user account, what are the major techniques or methodologies that I should consider in making my AccountController?


There aren't specific things that you should consider when making an account controller that are different than things to consider when making any other controller.

  • design view models
  • controller actions such as 2 Login actions (one for GET and one for POST) for respectively showing the login form and handling the form submission.
  • if you want to handle things like forgotten password, change password, etc., those could be actions on this controller as well.
  • when the login is successful and you are using a returnurl to redirect back to where the user initially was, make sure you check that this url belongs to your domain to avoid spoofing.
  • make sure that the controller action which receives the username and password is accessible only with HTTPS.
  • if you are using forms authentication you may take a look at the following article for configuring the cookie for increased security.
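The return URL check and the HTTPS restriction from the answer above, as an added example that is not part of the original post. ASP.NET MVC 2 has no built-in `Url.IsLocalUrl` (it arrived in MVC 3), so the check is written by hand here. `LogOnModel`, the `Home`/`Index` fallback and the use of `Membership.ValidateUser` as a stand-in for the site's own user store are assumptions.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical view model for the login form.
public class LogOnModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
    public bool RememberMe { get; set; }
}

[RequireHttps] // every action here, including the credential POST, is HTTPS-only
public class AccountController : Controller
{
    [HttpGet]
    public ActionResult Login()
    {
        return View(new LogOnModel());
    }

    [HttpPost]
    public ActionResult Login(LogOnModel model, string returnUrl)
    {
        // Membership.ValidateUser stands in for a lookup against your own DB.
        if (!ModelState.IsValid ||
            !Membership.ValidateUser(model.UserName, model.Password))
        {
            ModelState.AddModelError("", "The user name or password is incorrect.");
            return View(model);
        }

        FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

        // Follow returnUrl only when it stays on this site; otherwise use a fixed page.
        if (IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Home"); // assumed default landing page
    }

    // Accepts only site-rooted paths such as "/orders/5?page=2".
    // Rejects absolute URLs, "//host" and "/\host" (which browsers treat as
    // another host), and anything containing control characters.
    public static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return false;
        foreach (char c in url) if (char.IsControl(c)) return false;
        return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
    }
}
```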