什么是在ASP.NET MVC用户授权/认证?
What is the best method for user authorisation/authentication in ASP.NET MVC?
我看到真的有两种方法:
I see there are really two approaches:
使用内置的ASP.NET授权系统。 使用自定义的系统,我自己的用户,权限,用户组表等。我倒是preFER第二个选项,因为用户是我的域模型的一部分(和我的零的经验与ASP.NET的内置的东西),但我真的喜欢听什么人一直在做这方面的。
I'd prefer the second option, because User is part of my domain model (and I have zero experience with ASP.NET's built-in stuff), but I'd really like to hear what people have been doing in this area.
其实是有第三种方法。在asp.net会员功能基于提供者模型。你可以写一个自定义的供应商,从而能够提供自己的实现数据是如何存储,但保留多少asp.net成员的利益。
There is actually a third approach. The asp.net membership functionality is based on the provider model. You can write a custom provider, thus being able to provide your own implementation for how the data is stored, but retaining much of the benefit of asp.net membership.
关于这个问题的一些文章:
Some articles on the subject:
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
http://www.asp.net/learn/videos/video-189.aspx
http://www.15seconds.com/issue/050216.htm
http://davidhayden.com/blog/dave/archive/2007/10/11/CreateCustomMembershipProviderASPNETWebsiteSecurity.aspx