Answer the question
In order to leave comments, you need to log in
How do you implement authorization in ASP.net MVC?
Share how you do authorization. Pluses and their minuses. Well, preferably with links to implementation examples.
Answer the question
In order to leave comments, you need to log in
I use SimpleMembership because it is simple for me, I know it more or less, plus it is quite light and flexible. But with the release of MVC5, it is recommended to use, as the commentator above suggested, ASP.NET Identity. I didn't work with him.
I definitely do not recommend using the old Asp.Net Membership, because in its volume and optimization it is simply monstrous.
ps Here is a very useful link on the subject of authorization. It helped me a lot at one time and still helps me now
kevin-junghans.blogspot.ru
Good afternoon!
I'm using the standard Membership API. To be honest, so far I have not noticed any errors in his work / glitches or strange behavior. I have not analyzed the sql code described in the Membership API stored procedures, and therefore I cannot talk about its "monstrosity", but for me personally it has the following advantages:
1) you can quickly deploy it using the aspnet_regsql utility
2) you can use that the utility to configure its installation in such a way as to install only what you need (either everything, or only profiles, or roles, etc.)
3) there is a lot of information on working with it (which cannot be said about Identity, in any case case, I did not find books with Identity, which would describe in detail the principles of working with it)
4) it is quite simple and easy to work with in code (you can read in detail in the books " Microsoft ASP .NET 4 with C# 2010 examples for professionals " and " ASP.NET MVC 3/4 Framework with C# examples for professionals ", especially the first book, which mainly talks about ASP.NET WebForms, describes in great detail authorization, authentication, membership, roles, profiles - yes, everything that is in ASP.NET, so this book is worth reading. ASP.NET MVC, and the basics of membership, authorization, roles, and other things are no longer there.)
But there are also disadvantages:
1) it uses the standard database schema - "dbo". To make it friends with other schemes, you need to write your own, custom membership provider.
2) in several sources I heard that he, as Alexey_Gagarin said, is "mostruose", that the sql code used in stored procedures is not optimized. I repeat, I have not tested it, but for now its functionality is quite enough for me.
Good luck!
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question