What is the best method for user authorisation/authentication in ASP.NET MVC?
I see there are really two approaches:
I'd prefer the second option, because User is part of my domain model (and I have zero experience with ASP.NET's built-in stuff), but I'd really like to hear what people have been doing in this area.
There is actually a third approach. The asp.net membership functionality is based on the provider model. You can write a custom provider, thus being able to provide your own implementation for how the data is stored, but retaining much of the benefit of asp.net membership.
Some articles on the subject:
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
http://www.asp.net/learn/videos/video-189.aspx