Question

Closed. This question is seeking recommendations for books, tools, software libraries, and more. It does not meet Stack Overflow guidelines. It is not currently accepting answers.

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.

Closed 7 years ago.

Improve this question

I am working on a web application that has strict security and auditing requirements (HIPPA stuff). So we are evaluating whether we should build our own custom membership and role providers or whether there is a commercially available component that we can buy.

If you have any experience (good or bad) with third party Asp.Net membership and role providers please share your thoughts.

UPDATE: We have started evaluating the following third party components:

Port Sight Secure Access: http://www.portsight.com/Products.aspx?AliasPath=Products/Secure Access/Secure Access&CultureAlias=en-US

and Visual Guard: http://www.visual-guard.com/

Anybody know of any other third party components or have any experience with these?

Answer 1

I ve created my own membership providers and it was a good experience. One was for MySQL, and another was a dynamic provider that delegates to other providers at runtime. It s really nice being able to plug these providers into any app and configure them from the web.config.

Most of the information I needed was found here:

I also implemented a custom MembershipUser:

How to: Implement a Custom Membership User

And here s a handy reference diagram of the ASP.NET Membership Database Schema (ASPNETDB.mdf) automatically generated by VS:

ASP.NET Membership Database Schema

Here s the blog post it came from:

ASP.NET Membership Schema

Answer 2

We have always implemented our own and made it as secure as needed (worked on some HIPPA apps).

http://www.codeproject.com/KB/aspnet/WSSecurityProvider.aspx

http://blogs.iis.net/rakkimk/archive/2008/04/11/asp-net-using-the-same-encryption-method-used-by-activedirectorymembershipprovider-to-encrypt-secret-password-answer-and-store-it-in-ad.aspx

Answer 3

We have been implementing and using VG for our .NET applications and so far we are happy with it.
The most important benefits is that we have a central place to manage the authentication and the authorizations for all the company. We wanted everything to flow through a centralized security hub.

And now with the new version, we plan to implement it for our Java applications. I guess this link shows the basic infos about the version for multi technologies: http://www.visual-guard.com/EN/user-management-authentication-iam-rbac-access-control-security/identity-role-permission-audit

友情链接