
asp.net user Authorization and Authentication [closed]

Developer https://www.devze.com 2023-04-02 08:42 Source: Internet
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 11 years ago.

I want to write a web application and I am trying to figure out what my possibilities are regarding user Authorization and Authentication. From what I have read so far:

  1. using ASP.NET membership and role management
  2. using OAuth or OpenID controls
  3. implementing this portion myself (this looks like a lot of hard work and I am not sure if it's worth it)

What do you recommend, or can you link to more information regarding this issue?

thank you

Doron


Using ASP.NET MembershipProvider, ProfileProvider and RoleProvider is the best solution IMO as it makes your application pluggable, works with the framework, and forces a nice layer of abstraction.

I don't recommend using the static classes to access the providers; I would always take a dependency on the provider directly through DI and keep things testable.

```csharp
// Pass the provider in as a dependency so the service can be tested with a fake
var service = new UserService(Membership.Provider);
service.MyUserAction("myusername");

// rather than calling the static Membership class directly
var user = Membership.GetUser("myusername");
...
```

OAuth or OpenID can be used to complement and extend a basic forms implementation, allowing users to log in through other providers, but then map to a local user so that you can store additional metadata.

You don't really have to use the providers to take advantage of ASP.NET authentication; making use of the auth cookie through FormsAuthentication.SetAuthCookie is a nice shortcut for post authentication.

Rolling your own is a bad idea. The built-in mechanisms are not foolproof, but it's a solid base implementation that avoids the basic gotchas that most people fall for. Never use Session for any authentication or authorisation logic as it's highly insecure.

0
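One way the `UserService` mentioned in the answer above could take the provider as a dependency and issue the forms cookie only after the provider has validated the credentials. This is an added example, not code from the answer; `UserService.SignIn`, `IAuthCookieIssuer` and `FormsAuthCookieIssuer` are hypothetical names.

```csharp
using System;
using System.Web.Security;

// Hypothetical seam so the cookie step can be replaced in unit tests.
public interface IAuthCookieIssuer
{
    void Issue(string userName, bool persistent);
}

// Production implementation: delegates to the built-in forms-auth ticket cookie.
public sealed class FormsAuthCookieIssuer : IAuthCookieIssuer
{
    public void Issue(string userName, bool persistent) { FormsAuthentication.SetAuthCookie(userName, persistent); }
}

// Hypothetical service: depends on the abstract MembershipProvider, not on the static Membership class.
public sealed class UserService
{
    private readonly MembershipProvider _provider;
    private readonly IAuthCookieIssuer _cookies;

    public UserService(MembershipProvider provider, IAuthCookieIssuer cookies)
    {
        if (provider == null) throw new ArgumentNullException("provider");
        if (cookies == null) throw new ArgumentNullException("cookies");
        _provider = provider;
        _cookies = cookies;
    }

    // Returns true and issues the auth cookie only when the provider accepts the credentials.
    public bool SignIn(string userName, string password, bool persistent)
    {
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false;
        // Password verification is left entirely to the provider.
        if (!_provider.ValidateUser(userName, password))
            return false;
        // Defensive re-check for custom providers, and use the stored name (not raw input) in the ticket.
        MembershipUser user = _provider.GetUser(userName, true);
        if (user == null || user.IsLockedOut || !user.IsApproved)
            return false;
        _cookies.Issue(user.UserName, persistent);
        return true;
    }
}
```

Wire it up with `new UserService(Membership.Provider, new FormsAuthCookieIssuer())`; a unit test can pass a fake `MembershipProvider` subclass and a recording issuer instead.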
