在认证 [英] Authentication in

问题描述

我打算创造登录从我system.Is它更好地使用ASP.NET内置的身份验证和角色管理或创建我自己的方式。其中较好，convenient.May是问题是愚蠢的，但AP preciate你的帮助。

I am planning to create Login From for my system.Is it better to use ASP.NET built in Authentication and role management OR create my own way .Which is better and convenient.May be the question is silly but appreciate your help.

感谢

我希望管理员（组人）被允许创建用户和角色分配给特定user.Is有可能..？

I want the administrator(Group of people) to be allowed to create user and assign roles to that specific user.Is it possible..?

推荐答案

待办事项的不的创建自己的认证系统！

Do NOT create your own authentication system!

认证是这些东西的地方它有一个容易的构建的东西似乎的工作＆MDASH;即使经过一套严格的单元测试＆MDASH;但实际上是有缺陷的，你不会了解直到半年你砍死后微妙的方式。

Authentication is one of those things where it's easy to build something that seems to work — even passes a rigorous set of unit tests — but is actually flawed in subtle ways that you won't find out about until six months after you get hacked.

做的最好的事情是精益尽可能对您所选择的平台提供的身份验证功能。如果平台已经不提供合适的东西，找到一个现有的第三方选项是合适的。你想要的是东西，是经过实战检验;那的时的一个漏洞被发现（总是有一些），这是因为别人的系统，而不是你自己的上破的可能，你可以只申请厂商补丁来修复它，在你的网站是真正受到影响。

The best thing to do is lean as much as possible on the authentication features provided by your platform of choice. If the platform doesn't already provide something suitable, find an existing third-party option that is suitable. What you want is something that is battle-tested; that when a flaw is discovered (there always are some) it's likely because of a break on someone else's system, not your own, and you can just apply the vendor patch to fix it, before your site is really compromised.

这篇关于在认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！