Just wondering what the best practice for handling login/user authentication in MVC3 would be. Is it better to use the built-in membership, such as:
    [HttpPost]
    public ActionResult Register(RegisterUser model)
    {
        if (ModelState.IsValid)
        {
            // Attempt to register the user
            MembershipCreateStatus createStatus;
            Membership.CreateUser(model.UserName, model.Password, model.Email, null, null, true, null, out createStatus);
            if (createStatus == MembershipCreateStatus.Success)
            {
                FormsAuthentication.SetAuthCookie(model.UserName, false /* createPersistentCookie */);
                return RedirectToAction("Index", "User");
            }
            else
            {
                ModelState.AddModelError("", ErrorCodeToString(createStatus));
            }
        }
        return View(model);
    }
Or something simpler and custom, such as making your own cookie to avoid having to use the pre-packaged database structure each time?
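    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,                            // ticket version
        user.UserName,
        DateTime.Now,                 // issue time
        DateTime.Now.AddMinutes(10),  // expiration
        false,                        // not persistent
        string.Empty);                // userData: empty string rather than null, which can make Encrypt fail
    string encryptedTicket = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    cookie.HttpOnly = true;                          // keep the ticket out of reach of client-side script
    cookie.Secure = FormsAuthentication.RequireSSL;  // follow the requireSSL setting of the forms element
    this.Response.Cookies.Add(cookie);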
Personally I agree with the approach taken by Stack Overflow in providing two ways to register: directly via Stack Exchange, and via OpenID / OAuth access (Google, Yahoo, Facebook, Twitter, etc.).
When providing your own registration I would stick with either the ASP.NET Membership provider or a similar one made available via NuGet.
When using OpenID and OAuth I’ve had great success with DotNetOpenAuth. Refer to Andrew Arnott’s detailed answer on the benefits and justification for using OpenID: To OpenID or not to OpenID? Is it worth it?