0

I am planning to create a login form for my system. Is it better to use ASP.NET's built-in authentication and role management, or to create my own way? Which is better and more convenient? I want the administrator (a group of people) to be allowed to create users and assign roles to that specific user. Is it possible? Maybe the question is silly, but I appreciate your help.

Joel Coehoorn
abcd shsu

1 Answer

13

Do NOT create your own authentication system!

Authentication is one of those things where it's easy to build something that seems to work — even passes a rigorous set of unit tests — but is actually flawed in subtle ways that you won't find out about until six months after you get hacked.

The best thing to do is lean as much as possible on the authentication features provided by your platform of choice. If the platform doesn't already provide something suitable, find an existing third-party option that is suitable. What you want is something that is battle-tested; that when a flaw is discovered (there always are some) it's likely because of a break on someone else's system, not your own, and you can just apply the vendor patch to fix it, before your site is really compromised.

Joel Coehoorn
  • I want the administrator (group of people) to be allowed to create a user and assign roles to that specific user. Is it possible? – abcd shsu Nov 19 '13 at 06:56
  • 1
    Sure. But we'd need to know a _lot_ more about your system to tell you what that will look like. You'll need to do more research and begin your own attempt first. – Joel Coehoorn Nov 19 '13 at 14:17