使用开箱ASPNET成员为面向公众的网站 [英] Using out of the box aspnet membership for public facing website

问题描述

如果使用开箱ASPNET成员提供的我不知道，占CONTROLER，数据库模式等。（开箱即用的登录/注册系统作为一个整体）为面向公众的网站就可以了？

I was wondering if using the out of the box aspnet membership provider, account controler, database schema etc. (ootb login/register system as a whole) for a public facing website is ok?

• 我知道有它是不需要很多额外的东西，而是想不必创建一个从头开始，以节省时间


• 我definetly关于延长以适合定制需求计划

是否有任何漏洞或只是一个事实，即有很多不需要的东西，推迟用户呢？

Are there any vulnerabilities or is it just the fact that there's a lot of unneeded stuff that defers users from it?

推荐答案

在我的最后一个项目我都赞成基于WIF解决方案丢弃邻人。上进行身份验证我写encripted会话cookie，它包含用户身份，并在以后使用SessionAuthenticationModule从设置cookie校长。就像一个魅力和我的数据库和用户存储的完全控制。而且它允许像ActsAs，联合会等结果一些复杂的东西
 如果它是公共的网站，也许你会添加一些东西的OAuth与自动注册。这将是你自己的存储架构干净多了。而且会员决定RBAC类型的授权。本人来说，还没有那名行与只是简单的IsInRole看到的项目。

In my last project I have discarded Membership in favor of WIF based solution. On authenticate I write encripted session cookie, that contains user identity, and later use SessionAuthenticationModule to set principals from cookie. Works like a charm and I have full control of database and user storage. And also it allows some complex stuff like ActsAs, Federation etc.
If it is public site, maybe you will add some OAuth stuff with autoregistration. It will be much cleaner with your own storage schema. And also membership dictates RBAC type of authorization. Personaly, havent seen projects that were ok with just simple IsInRole.

这只是恕我直言=）还要注意，.NET 4.5将包括WIF核心。

This is just IMHO =) Also note, that .Net 4.5 will include WIF in core..

这篇关于使用开箱ASPNET成员为面向公众的网站的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！