9

In this video Ayende criticizes the host for using asp.net membership. If asp.net membership is not good to use - what is? In the video Ayende did not mention what else you could use but just pointed out that asp.net membership should not be used. Do you know what other good alternatives are out there for asp.net membership?

Luke101
  • 63,072
  • 85
  • 231
  • 359

1 Answers1

7

Ayende has 'strong' opinions. :-) I'd suggest the suitability of ASP.NET membership really depends on what you're trying to achieve. This question shows some pros and cons and some ideas of working in alternatives. The point is it is very extensible so you can use as much or as little of it as you want.

Personally, I'm having a lot of fun with FluentSecurity just now, although it is targeted at MVC specifically.

EDIT: Another question on this, and another.

Community
  • 1
  • 1
Holf
  • 5,605
  • 3
  • 42
  • 63
  • 3
    I would agree with with Holf, Ayendes opinion is in fact, an 'Opinion'. His opinion will contain reasons for not using and implementing the build in ASP.NET Membership feature, it probably just doesn't cater for the unique project/scenario he wants to create. It is my opinion that the membership feature is an outstanding OUT OF THE BOX feature ready to use and has the necessary encryption I need for my own projects. It has unique email feature, password reset and retrieval and loads more. I use the asp.net membership because the time it would take me to code the same features would be too much – Kev Jul 30 '13 at 20:27
  • 2
    So just to finish off and summarize on my previous comment : In the programming world there is no single solution for every developers needs , every project is different and the requirements are different. This is a great example. The asp.net membership may be overkill for client A's requirements where it may not offer all the solutions for Client B. For Client C it could be perfect. Or you could choose to use just the features you need for Client A and C. Its up to you as the developer to see if it satisfies your project requirements and security requirements. Hope this is useful info :) – Kev Jul 30 '13 at 20:41