.net – User authentication and authorisation in ASP.NET MVC


What is the best method for user authorisation/authentication in ASP.NET MVC?

I see there are really two approaches:

  • Use the built-in ASP.NET authorisation system.
  • Use a custom system with my own User, Permission, UserGroup tables etc.

I'd prefer the second option, because User is part of my domain model (and I have zero experience with ASP.NET's built-in stuff), but I'd really like to hear what people have been doing in this area.

Best Solution

There is actually a third approach. The asp.net membership functionality is based on the provider model. You can write a custom provider, thus being able to provide your own implementation for how the data is stored, but retaining much of the benefit of asp.net membership.

Some articles on the subject: