开发者

What to use for Custom Account Control in ASP.NET MVC

I'm creating a custom authentication service (I just need more than the default allows). I can't decide if I should extend MembershipUser and implement the appropriate interfaces, or completely roll my own. Is there any advantaged to rolling my own, or any pitfalls I shou开发者_开发技巧ld be aware of when extending the default mechanism?


How far from defaults are you?

If your needs are far apart from what MembershipProvider gives you, I suggest you go with your own. I personally haven't come across an application that connected to an existing data store. So we would be adding another application to it. Hence I find MembershipProvider way over engineered. Authentication/Authorisation usually also doesn't take too much time to develop and you control it completely. If it does take a lot of time it's probably also far from what MembershipProvider gives you.

But if your requirements are close to MembershipProvider, then you should consider it. Either as it is or derive from it on your own. But beware. This may take more time than delivering your own, because you will have to learn it through and through.

Security management requirements

If you go with MembershipProvider (or your own inherited class) you also get IIS integration so it's easy to manage security settings of your application. If you roll your own, you'll have to provide an interface for that as well which may take a considerable amount of time.


Implement MembershipProvider abstract class. I have an implementation with XML as datastore right here, if you need it.

http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.aspx?queryresult=true


Its always good fun to write your own provider but it depends on the security needs of the application you are building.

Most occasions when I have had to implement my own provider.

  • Using an orm such as nhibernate.
  • No database so requried to use flat xml files.
  • I had to build a system that required a more extensive role-permission system than the membership classes provided.

Good thing is you can switch between different providers if you need too..

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜