Groups / Profiles and ASP.NET

[pbd22]

Hi.

I need some planning advice.

Namely, I want to build "Groups" and "Profiles" into my web
application.
I have been doing some initial reading about ASPNETDB and Membership
online. My questions are:

1) For those that have used ASPNET Membership to authenticate users
and define roles / security / etc, what has been your experience? Is
it
reasonably intuitive / easy to get going? Any limitations?

2) Is it possible to create detailed profiles with this API such that
the profile
can do a lot of cool stuff (friends lists / news feeds / group
subscriptions, etc).
Is that is the Profile Manager more dynamic than the simple storing of
email
and some other basic information? Any limitations or problems
encountered
with the ASPNET Profile provider API?

3) I want to have "Groups" as part of my application. Something
similar to
the groups service on Google (here). I see a lot out there on Roles in
the
ASP.NET membership API but not much about Groups... is it the same
thing? Does this feature allow basic user authentication to "create a
group"
and "offer various administrative rights" to people that join (edit /
delete / upload /
accept join requests to the same group / and so on)? Something like
a power-user but not an administrator?

4) Along the lines of #3, I have been reading about AzMan as I would
like to
have as much flexibility as possible with Groups. AzMan seems to be
sort of
what I want as it allows more flexibility than the Membership API /
ASPNETDB
but what I read online is pretty negative in terms of documentation /
configuration.
That, plus I am very wary of anything Interop. Thoughts here? Which
way is the
path of least resistance without losing sight of what I am trying to
accomplish?

Feedback appreciated, thanks.

 

[Gregory A. Beamer]

Hi.

I need some planning advice.

Namely, I want to build "Groups" and "Profiles" into my web
application.
I have been doing some initial reading about ASPNETDB and Membership
online. My questions are:

1) For those that have used ASPNET Membership to authenticate users
and define roles / security / etc, what has been your experience? Is
it
reasonably intuitive / easy to get going? Any limitations?

Very easy to get going. Also easy to put yourself into a box, especially
with Profile.

I would personally consider at least a custom Profile Provider, as the
Profile model is problematic on many levels.

1. All profile information stored in an encrypted field with a pointer
field. Very flexible, but a bit of overkill on flexibility for my tastes.
2. More important: Dinking around can lead to having to play A LOT to get
things fixed, as the Profile is created in ASP.NET temp and can become
"corrupted". At this point, it is a major pain to fix it. You can read this
entry, from my blog, for more info:
http://gregorybeamer.spaces.live.com/blog/cns!B036196EAF9B34A8!891.entry

2) Is it possible to create detailed profiles with this API such that
the profile
can do a lot of cool stuff (friends lists / news feeds / group
subscriptions, etc).
Is that is the Profile Manager more dynamic than the simple storing of
email
and some other basic information? Any limitations or problems
encountered
with the ASPNET Profile provider API?

Yes, you can get complex, but what you store with the default implementation
is just strings. For thsi reason, I would not use the default
implementation. Create a custom profile.

Some of the features you suggest here might not be held in Profile, per se,
although they can certainly be linked to it. Unless they are avaialable on
all pages, you are adding a huge overload to the Profile object.

3) I want to have "Groups" as part of my application. Something
similar to
the groups service on Google (here). I see a lot out there on Roles in
the
ASP.NET membership API but not much about Groups... is it the same
thing? Does this feature allow basic user authentication to "create a
group"
and "offer various administrative rights" to people that join (edit /
delete / upload /
accept join requests to the same group / and so on)? Something like
a power-user but not an administrator?

By groups, you mean you want the user to be able to join groups? If so, do
these groups require specific permissions, or can it be facilitated by a
simple add group and then get (optionally) approved by the group admin? If
so, the group feature is merely a list of groups the person "joins" with an
approval flag (or date, or similar) and is different from a role. It is just
a feature of your application.

Roles on the other hand are used to group permissions.

There is no "group" feature in ASP.NET, at least not built in.

4) Along the lines of #3, I have been reading about AzMan as I would
like to
have as much flexibility as possible with Groups. AzMan seems to be
sort of
what I want as it allows more flexibility than the Membership API /
ASPNETDB
but what I read online is pretty negative in terms of documentation /
configuration.
That, plus I am very wary of anything Interop. Thoughts here? Which
way is the
path of least resistance without losing sight of what I am trying to
accomplish?

AzMan is used to get very fine grained with permissions, something the
ASP.NET membership does not do very well. Essentially, it allows you to
authorize for tasks rather than just for roles. Unless you need this level
of granularity, I would skip it. If you properly separate out the ASP.NET
Memberhsip/Role/Profile code from your pages, you should be able to switch
to AzMan, if the need arises. I would not bite this bullet now based on what
you have stated in this post.