Why to use ASP.NET Identity or Form Authentication?

Question

I am creating a project not very large scale and came to create a system of registration and login. In which cases/projects you might want to use ASP.NET Identity and when you just want to create your own login system, whose creation is much easier? As a result of Your practice?

Maybe I have to use Form Authenticator?

Answer 1

• Do you want social login (google / facebook / twitter / linkedin / etc)?
• Do you want two-factor authentication?
• Do you require users to confirm an email address as part of registration?
• YOU DO WANT TO 1-WAY ENCRYPT THE PASSWORD ...but how?

ASP.NET Identity2 makes doing a lot of these things easier, because they already wrote the code for a lot of this stuff -- password hashing, creating confirmation tokens (for registration / password reset / linking emails to an account), social logins, etc.

Also, @Tim Schmelter makes a very good point in his comment. Security is not easy to get right. When you roll your own registration and login, you are not only making more work for yourself, but you are probably going to leave holes in the registration and login system.

ASP.NET Identity is not an "all or nothing" tool. You can use pieces of it as needed. There is no reason why you can't borrow the password hashing and token generation/validation portions of it, and then use the (non-claims-based) FormsAuthentication to write the cookie. However if you want claims-based authentication and social logins, I would recommend staying away from FormsAuthentication.