When I create a site that requires registration and login, for something fast without a lot of requirements, I will use membership with the [Authorize] attributes and something else. Works well for what he does. But now I want something more. I mainly develop a site using ASP.NET MVC EF CodeFirst and want to create a custom object that will be stored in a database that contains much more information. Such information required during registration will have additional properties, such as FirstName, LastName, Gender, Country, etc.
I tried reading through implementing custom MembershipProvider and MembershipUser etc. I went this far, but I'm just not going to what I want in the end. Now, when I develop a site in PHP or sometimes in ASP.NET, I simply create my User class and give it all the properties necessary for the registration page, and just click it in the database. Then, when I log in, I just take a username or email address and password and just create a session variable indicating whether the user is allowed or not.
This is normal? I just don’t understand why this whole part of the membership is much more complicated than it seems, so I feel that I am missing everything. In addition, I noticed in the ASP.NET MVC web application that when you are authenticated, it writes this line ....
FormsAuthentication.SetAuthCookie(model.UserName, createPersistentCookie: false);
What is the difference between this and ...
Session["username"] = model.UserName