Almost every web application these days requires some form of user authentication and login process and there are many articles, blogs, tutorials and web casts out there that will prattle on about the difference between authentication and authorisation.
Truth be told most developers don’t care. They just want a way to allow their users to login securely.
Right now you have three real options:
- Microsoft’s Membership Provider
So which is the best? This really depends on your situation and what you need it to do.
If you are developing an ASP.Net Web forms application that uses the built-in membership controls then the MS Membership Provider, either SQLMembershipProvider or a home-grown one, will likely be a good choice since it was designed to work flawlessly with the membership controls.
If however you’re developing an MVC web application and you just need a simple “register, login and roles” system then SimpleMembership would likely be adequate.
On the other hand, if you want a system that is extensible, with lots of room to develop it to your own needs and none of the bloated, leaky inheritance that the MembershipProvider model comes with (including SimpleMembership) then you should certainly think twice about using MembershipProvider and take a look at BrockAllen.MembershipReboot.
It’s even available via NuGet Package Manager.
Beware though, the documentation is a little out of date. Your best bet for getting up and running with it is to clone the GitHub repository and take a look at the sample applications. In particular I found that the “SingleTenantWebApp” was extremely useful.
Now I’ve done it a couple of times I find that I can have a skeleton application setup with user registration, login and all the relevant extra pages (i.e. reset password, etc.) within an hour or two.