View Single Post
Old April 23rd, 2008, 11:25 AM
planoie's Avatar
planoie planoie is offline
Friend of Wrox
Points: 16,481, Level: 55
Points: 16,481, Level: 55 Points: 16,481, Level: 55 Points: 16,481, Level: 55
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts

As always, the answer to both questions is: "it depends".

== User management ==
If you already have database architecture in place for user management then you need to use that. So in that case the "best practice" would be to "stick with what you already have". If you're building something new, then using the built in ASP.NET membership services is the logical choice as it's in place, tested and has controls that support it already. You can build custom providers that membership services can consume so you can use the controls and functionality built into ASP.NET but have it be based on a preexisting data infrastructure. Someone on my team has done that but I'm unfamiliar with it myself.

== Authentication ==
You'll need to choose the authentication methodology based on what the target audience is for this app you are working on. If it's internal and on a domain based server you could use windows authentication. If it's an internet facing app, then you are basically limited to forms auth (cookie based) with a login page.