Bitcoin Forum
June 19, 2018, 01:31:21 PM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
   Home   Help Search Donate Login Register  
Pages: [1]
Author Topic: ASP.NET Membership Provider?  (Read 715 times)
Hero Member
Offline Offline

Activity: 742
Merit: 500

View Profile
June 22, 2011, 11:36:15 PM

So I figured I'd ask since you all seem to be a security-minded bunch and there are probably a bunch of programmers hanging about.

For my day job I've recently dusted off my C# hat to write some ASP.NET stuff for our intranet site and today for the first time, they didn't want an Active Directory based single-sign-on for a particular page. Now I've never used anything else via ASP.NET - it's basically the only reason I dust off the C# hat at all - super easy to do SSO in ASP.NET, giant pain in PHP.

Anyway, I found the whole process surprisingly easy. I've got a SQL database configured and secured, bumped up the hashing algorithm to SHA512, enforcing password complexity was as simple as setting a couple flags in Web.config... This is way too easy, right?

So aside from the troll-ish replies involving such classics as "Microshit" "Microshaft" "Micro$oft" etc. how good or bad IS the security built into ASP.NET's Membership Providers? Just glancing at the database it *seems* like they've done everything I would've done by hand but it also *seems* like it'd get used a lot more if it were all that secure.

Is it just a cost-of-entry thing? Anti-Microsoft sentiment? Or is it actually broken in some way I've yet to identify?
Pages: [1]
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!