Re: High Level Question

From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 26 Jun 2007 04:53:13 +0000 (UTC)

That's an excellent question!

The one important point here is - membership is not made for extensibility. If the membership feature does 100% what you need - go for it. If not - there is no point in doing providers for providers sake.

You cannot add additional data to the memership table (at least not in a clean way) - that's what profile is for.

That said - another fact is that MS is integrating membership/roles into a couple of products (WCF, IIS7, Sharepoint) - and if you plan to use them in the future - you can easily integrate your auth logic...

I would say if you have a working implementation already think about two things

a) just use what you have (and works)
b) write a thin wrapper around some of your existing functionality using membership/roles - just enough to enable RAD tools and reuse...

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

I'm trying to decide if we should use the ASP.Net 2.0 authentications
tools or role-our-own forms authentication as we always did (with
little work) in 1.1 apps. what I'm afraid of is that we will get
stuck on a cul-de-sac as we sometimes do using those "no code
required" tools.

I see I can define users and roles and access to folders but can I add
my own data about the users - for instance I would certainly need
their employee number or maybe other things about them such a which
fields they can see on the payroll file. Can I do this? Is this what
Profiles are for?

Are there any gotchas in these tools? ( I know there are no gottchas
in the role-our-own solution).

Thanks,
Gary Blakely

References:
- High Level Question
  - From: GaryDean

Prev by Date: High Level Question
Next by Date: Re: How to run aspnet_regiis.exe with on site other than w3svc/1?
Previous by thread: High Level Question
Index(es):
- Date
- Thread

Relevant Pages

Re: Best Approach for Membership / Profile Information
... the Membership table. ... my calling membership.create user and get the other fields saved by ... I want to display their name on my master page. ... However, since Profile is not ...
(microsoft.public.dotnet.framework.aspnet)
Best Approach for Membership / Profile Information
... I've created a custom login control with values that are not used in ... the Membership table. ... I want to display their name on my master page. ... However, since Profile is not ...
(microsoft.public.dotnet.framework.aspnet)
Re: "Unable to connect to SQL Server database" error when using profile
... Membership and Profile are two completely separate sections in the ... but custom profile and role providers. ... This is where I get an error: Unable to connect to SQL Server database ...
(microsoft.public.dotnet.framework.aspnet)
Re: Profile not saving
... Unless the email is also the user name, or you are using a custom profile provider, you are not pulling up the user. ... I am using asp.net20 membership. ... in my update profile code i have ...
(microsoft.public.dotnet.framework.aspnet)
Re: Roaming Profile cannot be cached, Why?
... I checked the membership, and no one is in the Guests group. ... of the Guests group then their profile will be ... and cannot find the cached profile. ...
(microsoft.public.windows.group_policy)