We're continuing the ASP.NET Authentication series (yes, I'm doing a few overlapping series, and yes, it's making me dizzy). The previous post covered Global Authentication and Allow Anonymous. This one continues with a simple tip that can be summed up as follows: keep it simple by extending rather than rewriting.

I see a lot of questions that involve unnecessary complications, and very often it's due to customizing authentication and authorization. For example, developers see that the AuthorizeAttribute won't work for their case, so they start to write a lot of code - using HttpModules, custom view engines, injecting authentication services and sprinkling authorization service calls throughout their controllers, etc. Sometimes that's necessary, but it's rare. Most of the time you can handle things with either a custom membership provider, a subclassed AuthorizeAttribute, or both.

Craig Stuntz summed this up well in a blog post back in 2009:

If you are developing a web application which requires authentication or security features not included in the regular ASP.NET membership feature, you might decide to implement these features yourself. But it seems as if the first instinct of many ASP.NET MVC developers is to...
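
As an added illustration of the "subclassed AuthorizeAttribute" option mentioned above (not code from the original post), the sketch below keeps the framework's own checks and layers one extra rule on top. The attribute name, the "Admins" role, the "username" route parameter and the controller are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical rule: a user may act on their own account; members of "Admins" on any.
// Filter instances can be reused across requests, so keep no per-request state in fields.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public sealed class AuthorizeSelfOrAdminAttribute : AuthorizeAttribute
{
    private const string AdminRole = "Admins";       // assumed role name
    private const string RouteKey = "username";      // assumed route parameter

    // Also invoked when output caching revalidates a cached response, so rely
    // only on what is reachable from HttpContextBase.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Extend, don't rewrite: the base class still enforces "is authenticated"
        // plus any Users/Roles configured on the attribute.
        if (!base.AuthorizeCore(httpContext))
            return false;

        var user = httpContext.User;
        if (user.IsInRole(AdminRole))
            return true;

        object value;
        var routeValues = httpContext.Request.RequestContext.RouteData.Values;
        if (!routeValues.TryGetValue(RouteKey, out value) || value == null)
            return false;                             // fail closed when the parameter is absent

        return string.Equals(Convert.ToString(value), user.Identity.Name,
                             StringComparison.OrdinalIgnoreCase);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed-in but not allowed: answer 403 instead of bouncing to the login page.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);   // default 401 / login redirect
    }
}

public class AccountController : Controller
{
    [AuthorizeSelfOrAdmin]
    public ActionResult Edit(string username)
    {
        return View();
    }
}
```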




Home : Blog List : Jon Galloway : ASP.NET MVC Authentication - Customizing Authentication and Authorization The Right Way