Why should I use ASP.NET Membership security model?

Question

I\'m updating my website at the moment and figure that if I am to update my login/security mode, now is a good time.

I have looked through the Membership model whic

Answer 1

I wrote my own after reading through all the stored procedures in the ASP.NET Membership provider. It's not hard and you have much more control at the end of the day.

If you like XML configuration, weakly-typed strings for roles, insecure by default, random web.config files littered through your directories instead of a clean marker interface on your page classes to say 'no account required', multiple database hits for a single login, user objects that aren't loaded from your current ObjectContext/DataContext and the ability to change providers on the fly (woo hoo, who uses that?!) go for the built-in one.

If not, build your own, but if you do, make sure you store an encrypted/salted hash of your passwords, and do a proper encrypted cookie please.

[Updated to reflect feedback in comments]