Answer the question
In order to leave comments, you need to log in
ASP.NET MVC & Authorization\Authentication & Membership\Role Provider?
How useful is the use of Membership + Role Provider in conjunction with ASP.Net MVC?
Are there more appropriate authorization/authentication schemes for ASP.Net MVC?
What would you recommend to read in this direction?
ps I would like to know what schemes are used in various cases (roles and rights are stored in the database, in a file, a dynamic system of rights, etc.). That is, which ones are currently used in conjunction with ASP.Net MVC (v3)
Answer the question
In order to leave comments, you need to log in
It depends entirely on the project.
If this is something like a social network with hundreds of thousands of users, then your solution will most likely be more productive.
If you need to write fast, then it's safer to use built-in providers than to fence your decisions.
A separate point will be the fact that built-in providers are very difficult to overlay with tests.
The classic ASP.NET Authorization\Authentication scheme + the declarative approach of marking controllers/actions with the AuthorizeAttribute attribute.
The main difference from the classic ASP.NET is that the entire URL is compared there, while in MVC controllers / actions are compared, i.e. You can set your own access level for each action. For example, one group of users will only be able to view the content, while the other group will be able to edit it.
For example, see the article Understanding Authentication and Authorization
Asp.net mvc allows you to override membership, role and profile providers
This chapter was very helpful to me:
metanit.com/sharp/mvc/11.1.php
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question