Why should I choose ASP.Net security over a custom implementation

HI guys,

We alw开发者_StackOverflow中文版ays in our projects implement our own custom login by coding (login, recover, change,...), ASP.NET already have it, but the team leader always ask for a custom login.

I need someone to clarify to me as he is not arguable.

thanks

Simple - time, money, security.

Why spend time and money redesigning, implementing, testing and maintaining as system for which there is already a tested and mature infrastructure that doesn't cost a dime and is very easy to customize?

And consider the scope of the problem domain. There are hundreds of very diverse classes required to capably implement a robust security system. Do you really want to expend the effort to produce a system that is as secure?. There are thousands of man hours , end user feedback, testing etc to support the improvement of the asp.net providers.

What do you want to do? Use a session cookie? ;-)

Do you have people in your company with a better skills and experience as Microsoft has?

Has your company better understanding of ASP.NET, .NET and authentication problems as Microsoft has?

Has your company more financial and people resources and Microsoft has for ASP.NET development?

If you really has a form of Single-Sign-On implemented in your company or another not a solution using proprietary way, then you should describe this in your question. ASP.NET and WCF has a lot of customization possibilities. For example look as http://msdn.microsoft.com/en-us/magazine/ee335705.aspx about Using Active Directory Federation Services 2.0 in Identity Solutions. Other identity solutions are also possible.

You should not invest your energy in inventing of wheel or bicycle. Just use existing invention.