是*不*使用asp.net成员资格提供一个坏主意？ [英] Is *not* using the asp.net membership provider a bad idea?

问题描述

这是一个普遍非常糟糕的主意的不的使用内置asp.net成员资格提供？

Is it generally a really bad idea to not use the built-in asp.net membership provider?

我一直滚我自己对我的asp.net应用程序（面向公众的），真的还没有这样做的任何问题。它的工作原理，并似乎在回避了一层复杂性。我的需求是pretty基本的：一旦设置，用户必须使用电子邮件地址和密码登录，如果他们忘记它，它会通过电子邮件发送还给他们（新的）。安装后还有一点，那需要做的每个用户帐户，但我确实需要存储一些额外的字段与每个用户（全名，电话和其他几个领域等）。所需的登录凭据的用户数量较小（通常只是管理员和几个备份），而其他人使用该网站未经身份验证。

I've always rolled my own for my asp.net apps (public facing), and really have not had any problems in doing so. It works, and seems to avoid a layer of complexity. My needs are pretty basic: once setup, the user must use email address and password to login, if they forget it, it will be emailed back to them (a new one). After setup there is little that needs to be done to each user account, but I do need to store several extra fields with each user (full name, telephone and a few other fields etc). The number of users that required login credentials are small (usually just the administrator and a few backups), and everyone else uses the site unauthenticated.

什么是我可以上错过了一大优势通过跳过asp.net成员资格提供的功能？

What are the big advantages that I might be missing out on by skipping the asp.net membership provider functionality?

推荐答案

滚动你自己的身份验证系统的从不的一个好主意。有这么多的方法来得到它错误仍然看起来的在测试工作，直到当你发现你的网站被破解六个月前一年以后。

Rolling your own authentication system is never a good idea. There are so many ways to get it wrong that still seem to work in testing, until a year later when you find out your site was cracked six months ago.

的总是的精益尽可能通过你的平台为您提供安全code，无论是asp.net或其他任何东西。做到这一点，并且该系统通过与更多的部署中的一个供应商支持，这样的错误可以发现，更容易固定的，即使你有问题，你可以把责任推给供应商当你的老板自带问一下吧。更何况，一旦你过去使用供应商的解决方案，在第一时间，额外部署会更快。这仅仅是做了正确的方式。

Always lean as much as possible on the security code provided for you by your platform, be it asp.net or anything else. Do this, and the system is supported by a vendor with many more deployments so that bugs can be found and fixed more easily, and even if you do have a problem you can place the blame on the vendor when your boss comes asking about it. Not to mention that once you get past the first time using your vendor's solution, additional deployments will be faster. This is just the right way to do it.

在ASP.Net成员资格提供远非完美，但我答应你，这是preferable从头开始构建它。

The ASP.Net Membership provider is far from perfect, but I promise you that it's preferable to building it from scratch.

这篇关于是*不*使用asp.net成员资格提供一个坏主意？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！