2
votes

looking for some feedback on the built in membership and roles management for ASP.Net 2.0.

Do many people use it? What is good and/or bad about it? Can I assign multiple roles to a single user? What is the alternative norm for .Net apps?

I personally like the idea of having defined permissions or actions to a role. Seems like if I could only assign a single role to a user and I wanted roles to inherit permissions from each other it would be a huge headache to manage using teh built in membership manager.

If I had the following roles..

Publisher Editor Member

and I wanted the Editor to have some the permissions that the Publisher and the Member had plus some of it's own, in my code It would be harder to determine if the current user can edit something rather than just have a list of permissions pulled in by a role and just checking to see if "Edit Article" is in the list.

1

1 Answers

1
votes

The built-in membership provider is very easy to use, and it's fairly secure. I've used several versions of it in different projects. The great thing about it is that if it doesn't do EXACTLY what you need it to do, you can always just extend it. The built-in Identity object has roles, they're easy to access, store, compare against.

If you're using .Net and you need a fast, prepackaged, reasonably secure authentication source, you can't really go wrong with the built-in membership provider. If you need more security, just take what they give you and make it a little more hard-core. It's even fairly easy to integrate the existing membership authentication with an LDAP store if you have one.