Are there more modern Membership/Security implementations than ASP.NET Membership Provider
Question
I have used ASP.NET 2.0 Membership Provider in the past for sites with Forms authentication.
I'm working on a new site in ASP MVC 3, and I'm curious if there are any more modern, better, more secure, membership/security implementations than the .NET 2.0 Membership Provider built in to .NET 4.0, or Open Source, etc.
If they exist, what kinds of security goodies do they support?
I've read this question and answers and I understand the benefits for using a built-in solution but I'm curious if there have been any major improvements since .NET 2.0's built in solution.
I don't want to "roll my own" because of the risks involved in getting it wrong.
Thanks.
2 answers
solution1
4 2011-05-30 20:47:37
I haven't heard of anything more secure over the shipped asp.net providers, however, I do like using Altaris Web Security .
What I liked best about these guys is the deployment is much simpler that the shipped providers, alternative storage methods (plain-text or XML files, handy for small intranet sites with no roles to implement) to a dead-simple three-table implementation of the SqlMembersipProvider.
solution2
2 ACCPTED 2011-05-30 21:16:11
There is also WIF (Windows Identity Foundation) , wich leverages SAML tokens to perform federation identity. This approach allows you to externalize your Identity requirements to an external and specialized platform.
While the solution proposed by Rocjoe is designed for simple and small applications, WIF is designed to simplify big ones.
Personally, I like the modularity and separation provided by WIF.
However, be aware that deploying an Identity Federation platform can have a quite steep learning curve, and requires an SSL certificate. It can be worth the investment however.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.