Custom Authorization/Authentication with Repository pattern

All greetings Anyone can do their implementation Authorization system? Do not use the Membership API?

Of course we could implement custom providers to plug a different database into this framework, as detailed at MSDN, but if my application is going to use a repository pattern for data access, and I’m going to have specific controllers and views for creating/editing users, why should membership and authorization be routed through this other framework?

If yes: I'm just interested in how not to make holes in security. Use FormsAuthenticationTicket? How about IPr开发者_运维问答incipal?

Maybe you have some example or project on codeplex.com on other Authorization/Authentication

I use Kristoffer Ahl's excellent FluentSecurity library to manage authorization in a centralized place in my ASP.NET MVC applications. The thing I like most about it is that it keeps me from forgetting to secure controllers because it throws an Exception when a Controller is accessed for which there is no security policy specified.

Resources:

• Project Website: www.fluentsecurity.net
• NuGet Package: install-package FluentSecurity (see NuGet Gallery)
• Source Code: GitHub » kristofferahl » FluentSecurity