ASP.NET user Authorization and Authentication [closed]
I want to write a web application and I am trying to figure out what my possibilities are regarding user Authorization and Authentication. From what I have read so far:
- using ASP.NET membership and role management
- using OAuth or OpenID controls
- implementing this portion myself (this looks like a lot of hard work and I am not sure if it's worth it)
What do you recommend? Or can you link to more information regarding this issue?
Thank you
Doron
Using ASP.NET MembershipProvider, ProfileProvider and RoleProvider is the best solution IMO, as it makes your application pluggable, works with the framework, and forces a nice layer of abstraction.
I don't recommend using the static classes to access the providers; I would always take a dependency on the provider directly through DI and keep things testable.

    // Pass the provider in as a dependency
    var service = new UserService(Membership.Provider);
    service.MyUserAction("myusername");
    // rather than calling the static class directly
    var user = Membership.GetUser("myusername");
    ...

OAuth or OpenID can be used to complement and extend a basic forms implementation, allowing users to log in through other providers, but then map to a local user so that you can store additional metadata.
You don't really have to use the providers to take advantage of ASP.NET authentication; making use of the auth cookie through FormsAuthentication.SetAuthCookie is a nice shortcut for post-authentication.
Rolling your own is a bad idea. The built-in mechanisms are not foolproof, but they're a solid base implementation that avoids the basic gotchas that most people fall for. Never use Session for any authentication or authorisation logic as it's highly insecure.
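The pattern the answer describes, written out as an added example (not the answerer's code or part of ASP.NET): a service that receives the membership and role providers through its constructor and issues the forms-authentication cookie only after the provider has accepted the credentials. `UserService`, `SignIn`, `IsInRole` and `CompositionRoot` are hypothetical names; it assumes classic ASP.NET with `System.Web` and forms authentication and the role manager enabled in web.config.

```csharp
using System;
using System.Web.Security;

// Hypothetical service: the providers arrive as constructor dependencies, so a
// unit test can pass fakes instead of touching the static Membership/Roles classes.
public class UserService
{
    private readonly MembershipProvider _membership;
    private readonly RoleProvider _roles;
    private readonly Action<string, bool> _issueAuthCookie;

    public UserService(MembershipProvider membership, RoleProvider roles,
                       Action<string, bool> issueAuthCookie)
    {
        if (membership == null) throw new ArgumentNullException("membership");
        if (roles == null) throw new ArgumentNullException("roles");
        if (issueAuthCookie == null) throw new ArgumentNullException("issueAuthCookie");
        _membership = membership;
        _roles = roles;
        _issueAuthCookie = issueAuthCookie;
    }

    // Returns true, and issues the auth cookie, only when the provider accepts
    // the credentials and the account is approved and not locked out.
    public bool SignIn(string userName, string password, bool persistent)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) return false;
        if (!_membership.ValidateUser(userName, password)) return false;

        // Re-read the account so the cookie carries the stored user name; the
        // state checks also cover custom providers that skip them in ValidateUser.
        MembershipUser user = _membership.GetUser(userName, true);
        if (user == null || !user.IsApproved || user.IsLockedOut) return false;

        _issueAuthCookie(user.UserName, persistent);
        return true;
    }

    // Authorization decisions go through the injected role provider, not Session.
    public bool IsInRole(string userName, string role)
    {
        return _roles.IsUserInRole(userName, role);
    }
}

// The one place that touches the static classes; Roles.Provider throws if the
// role manager is not enabled in web.config.
public static class CompositionRoot
{
    public static UserService Create()
    {
        return new UserService(Membership.Provider, Roles.Provider, FormsAuthentication.SetAuthCookie);
    }
}
```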