I heard that the hashing algorithm for asp.net membership is sha-1, but I've seen in most articles that it is no longer safe, also I would like to know if most professional developers are using asp.net membership or do they come up with their own solution/ implementation with regards to login, authentication, authorization of their system/projects.
Does asp.net membership really provide a secure and robust solution for login, authentication, authorization of web applications? :)
The reason why I'm asking is I would like to know if developers are really using it in their projects.
Sir/Ma'am, Your answers would be of great help.
If I am writing internal applications with a modest number of users then I usually rely on asp.net memberhsip. Its familiar, I know how to get it up and running quickly. Other developers also know it reasonably well so it doesn't need explaining. Its also usually desirable for the organisation to be in control of user accounts.
On the other hand, if you were creating a public site and needed to authenticate users before making contributions (eg. stack overflow), you might want to think about implementing OpenId so users don't have to create a new account with your domain. They could use Google/Facebook/Twitter instead. There are libraries to get you started.