Search code examples
asp.net-mvcsecurityasp.net-mvc-4registrationuser-registration

How secure is the default Internet Application Template

I'm programming a website where the users should have the ability to register/login & -out.

I have some questions about the Internet Application Template.

  • Is it secure to start from a default ASP.net MVC 4 application with Internet Template?
  • Is the Internet Template good enough to use in a real world app?
  • Are there any issues known about it?
  • What are the pros and cons of Microsoft's Internet Application Template?
  • Are there other user registration systems which can be integrated with ASP.net MVC 4?
Solution

  • Internet template is using Asp.Net Membership provider which has enough security. You can secure whole website

    Using AuthorizeAttribute you can secure by Global.asax or Controller

    Global asax option

    in Globa.asax

    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    filters.Add(new AuthorizeAttribute());
}

    Then all your controllers will ask for logging if users are not, to allow anonymous you can use

     [AllowAnonymous]
 public ActionResult Index()
 {
     return View();
 }

    Other way you can use Authorize attribute on controllers or actions

    [Roles = "Admin, User"]
public class HomeController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}

    Even in views you can show hide if user are not authorized

    @if(Request.IsAuthenticated){
Html for logged in user
}else{
You are not logged in
}

    If you use that template it has build it register form which you can use. More info about