I have been programming for a long time, but I am not the most experienced developer in the world. I recently took a project that uses authentication on their sites. At first I looked at forms authentication in .NET 1.1, and at that time it had some limitations due to which I decided not to use it as my main authentication form.
This project requires users to have roles (which I understand forms authentication supports) and group membership. For example, “User A” is the “Administrator” for “Company A”. Does forms authentication currently support this user structure?
I also read that forms authentication sends passwords in plain text. This client does not use SSL. Is that true?
The current code base uses forms authentication, but does not support groups (it supports roles). Therefore, I need to either modify forms authentication to support the required groups, or remove forms authentication and use the authentication system I use. If forms authentication supports groups and is reasonably secure, I have to stick with this. If forms authentication has security problems or does not support groups, then I need to delete this authentication form.
I searched the internet for an article on the pros and cons, but no luck. What do you guys think?