ASP.Net中的身份验证表单 [英] Authentication Form in ASP.Net

问题描述

我正计划为我的系统创建登录表单.使用内置在身份验证和角色管理中的ASP.NET还是创建自己的方式更好?哪个更好更方便?我希望允许管理员(一群人)创建用户并将角色分配给该特定用户.是否有可能..?也许这个问题很愚蠢，但感谢您的帮助.

I am planning to create Login Form for my system. Is it better to use ASP.NET built in Authentication and role management OR create my own way? Which is better and convenient? I want the administrator (Group of people) to be allowed to create users and assign roles to that specific user. Is it possible..? Maybe the question is silly but appreciate your help.

推荐答案

不要不要创建您自己的身份验证系统！

Do NOT create your own authentication system!

身份验证是构建似乎能够正常工作的 容易的事情之一.甚至通过了一套严格的单元测试—但是实际上存在细微的缺陷，直到被黑客入侵六个月后您才能发现.

Authentication is one of those things where it's easy to build something that seems to work — even passes a rigorous set of unit tests — but is actually flawed in subtle ways that you won't find out about until six months after you get hacked.

最好的办法是尽可能选择所选择平台提供的身份验证功能.如果平台尚未提供合适的产品，请找到合适的现有第三方选项.您想要的是经过考验的东西； 何时发现一个漏洞(总是存在一些漏洞)的原因很可能是由于别人的系统(不是您自己的系统)出现故障，您可以在站点被发现之前应用供应商补丁对其进行修复.真的很妥协.

The best thing to do is lean as much as possible on the authentication features provided by your platform of choice. If the platform doesn't already provide something suitable, find an existing third-party option that is suitable. What you want is something that is battle-tested; that when a flaw is discovered (there always are some) it's likely because of a break on someone else's system, not your own, and you can just apply the vendor patch to fix it, before your site is really compromised.

这篇关于ASP.Net中的身份验证表单的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！