Associate
So I have been learning ASP.Net MVC along with Entity Framework from database first perspective.
The identity framework that is included in the project templates looks very interesting and will save me a lot of time as writing these sorts of systems is always a time consuming job. There are a couple of things that I am unsure about and I thought it would be best to ask on here before I dive in using this framework in my next big project.
Firstly, that database that it creates on the fly, can that be my main application database or will I have to run 2 (one for the identity stuff and one for my main app)? Is the framework smart enough not to interfere with the tables that I'll create and manage?
Secondly, I noticed the passwords are stored as a hash (good), but there is no sign of a salt anywhere. Exactly how secure is this hash that is created? Am I going to have to change this hashing mechanism to be more secure?
Thirdly, the user table does not contain all of the information I want to associate with a user. I hoping I'll be able to create another table with a 1 to 1 relationship with this table that'll contain all of the data that I'll need. I cant foresee any issues with this but has anyone else done something like this successfully?
Forthly, I'm going to need a roles and permissions based system in my application. I'm assuming I'll be able to utilise the roles and claims in the identity framework to do this, or will I be better off writing my own implementation?
The identity framework that is included in the project templates looks very interesting and will save me a lot of time as writing these sorts of systems is always a time consuming job. There are a couple of things that I am unsure about and I thought it would be best to ask on here before I dive in using this framework in my next big project.
Firstly, that database that it creates on the fly, can that be my main application database or will I have to run 2 (one for the identity stuff and one for my main app)? Is the framework smart enough not to interfere with the tables that I'll create and manage?
Secondly, I noticed the passwords are stored as a hash (good), but there is no sign of a salt anywhere. Exactly how secure is this hash that is created? Am I going to have to change this hashing mechanism to be more secure?
Thirdly, the user table does not contain all of the information I want to associate with a user. I hoping I'll be able to create another table with a 1 to 1 relationship with this table that'll contain all of the data that I'll need. I cant foresee any issues with this but has anyone else done something like this successfully?
Forthly, I'm going to need a roles and permissions based system in my application. I'm assuming I'll be able to utilise the roles and claims in the identity framework to do this, or will I be better off writing my own implementation?
