We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this questionI am working on a web application that has strict security and auditing requirements (HIPPA stuff). So we are evaluating whether we should build our own custom membership and开发者_JAVA百科 role providers or whether there is a commercially available component that we can buy.
If you have any experience (good or bad) with third party Asp.Net membership and role providers please share your thoughts.
UPDATE: We have started evaluating the following third party components:
Port Sight Secure Access: http://www.portsight.com/Products.aspx?AliasPath=Products/Secure Access/Secure Access&CultureAlias=en-US
and Visual Guard: http://www.visual-guard.com/
Anybody know of any other third party components or have any experience with these?
I've created my own membership providers and it was a good experience. One was for MySQL, and another was a dynamic provider that delegates to other providers at runtime. It's really nice being able to plug these providers into any app and configure them from the web.config.
Most of the information I needed was found here:
- Implementing a Membership Provider
- Sample Membership Provider Implementation
- How to: Sample Membership Provider Implementation
I also implemented a custom MembershipUser:
How to: Implement a Custom Membership User
And here's a handy reference diagram of the ASP.NET Membership Database Schema (ASPNETDB.mdf) automatically generated by VS:
Here's the blog post it came from:
ASP.NET Membership Schema
We have always implemented our own and made it as secure as needed (worked on some HIPPA apps).
http://www.codeproject.com/KB/aspnet/WSSecurityProvider.aspx
http://blogs.iis.net/rakkimk/archive/2008/04/11/asp-net-using-the-same-encryption-method-used-by-activedirectorymembershipprovider-to-encrypt-secret-password-answer-and-store-it-in-ad.aspx
We have been implementing and using VG for our .NET applications and so far we are happy with it.
The most important benefits is that we have a central place to manage the authentication and the authorizations for all the company. We wanted everything to flow through a centralized security hub.
And now with the new version, we plan to implement it for our Java applications. I guess this link shows the basic infos about the version for multi technologies: http://www.visual-guard.com/EN/user-management-authentication-iam-rbac-access-control-security/identity-role-permission-audit
精彩评论