Home/ Questions/Q 6529311
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T09:37:16+00:00

I want to write a web application and I am trying to figure out

  • 0

I want to write a web application and I am trying to figure out what are my possibilites regarding user Authorization and Authentication, for what i read so far:

  1. using asp.net membership and role management
  2. using oauth or openId controls
  3. implementing myself this portion (this looks like a lot of hard work and i am not sure if its worth it)

What do you recommend or if you can link to more information regarding this issue

thank you

Doron

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Using ASP.NET MembershipProvider, ProfileProvider and RoleProvider is the best solution IMO as it makes your application plug-able, works with the framework, and it forces a nice layer of abstraction.

    I don’t recommend using the static classes to access the providers, I would always take a dependency on the provider directly through DI and keep things testable.

    var service = new UserService(Membership.Provider);
service.MyUserAction("myusername");

// rather than

var user = Membership.GetUser("myusername");
...

    OAuth or OpenId can be used to complement and extend a basic forms implementation, allowing users to login through other providers, but then map to a local user so that you can store additional meta data.

    You don’t really have to use the providers to take advantage of ASP.NET authentication, making use of the auth cookie through FormsAuthentication.SetAuthCookie is a nice shortcut for post authentication.

    Rolling your own is a bad idea. The built it mechanisms are not fool proof, but it’s a solid base implementation that avoids the basic gotchas that most people fall for. Never use Session for any authentication or authorisation logic as it’s highly insecure.

    • 0