To learn ASP.net I started building a todo web app(web forms not MVC), this is essentially helping me in learning how ASP.net works, during this course I have also learnt about the authentication modules provided by asp.net, and to my understanding it is fairly complex unlike what I’ve seen in PHP (A very limited experience in PHP)
Is it a good practice to have your own authentication module without using the traditional model provided by asp.net. By indicating my own authentication module I even want to discard the custom membership provider and have a normal implementation. In few scenarios, you don’t require much information,
As in my application,
-
I’m planning of having only
username, password, and email
address. Thats it that serves the
purpose for me. In this scenario,
how should I go about designing the
app? -
In few other scenario’s you require
much more than what the
CreateUserWizard provides. How
should I go about designing this scenario?
Thank you.
This is a bad idea. You don’t have to implement everything included in the asp.net membership system. If all you want is username, password, and e-mail, that’s all you need to use.
ALWAYS lean as much as possible on your platform’s security code. You don’t want to try to write this kind of things yourself, because it’s so easy to write something that seems to work in testing but still has a glaring hole for crackers that you won’t ever find out about until 6 months after your site is breached and all your customer’s personal information was stolen.