Sep 06
Active Directory works great with SharePoint but it’s not always the ideal solution. ASP.NET membership works much better under certain circumstances. Here’s a great article by Scott Guthrie about ASP.NET membership and SharePoint (http://weblogs.asp.net/scottgu/archive/2006/04/30/SharePoint-2007-_2D002D00_-Built-on-ASP.NET-2.0-.aspx).
Here are some points I’ve come across that may help you decide when to use either solution:
When to use Active Directory
- Users are already part of AD
- Accounts must be centrally managed by IT
- Accounts need to follow certain policies maintained by IT (password expiration, password strength)
- Users absolutely need SharePoint features only available from NTLM, i.e. Windows Explorer view for lists
- Forms auth is not needed and true Windows auth integration is required
- Ideal for company intranets where the users of SharePoint are all from AD
When to use ASP.NET membership
- To use the ASP.NET login controls (http://msdn.microsoft.com/en-us/library/ms178329.aspx) right out of the box. This saves an incredible amount of work!
- There is a need for an account creation process, i.e. registration where the user will be granted certain rights upon completing the registration.
- Need for more self-service features for accounts such as “Forget Password” with a challenge and response, and a “Change Password” feature. These come out of the box.
- If the site is primarily accessed by users outside of the organization, AD will be cluttered with users who otherwise do not use internal resources. Using ASP.NET membership segregates these users, which also provides better protection for assets that could be accessed by internal AD users.
- The SharePoint developer/admin can support user accounts entirely from within the SharePoint server rather than relying on an IT resource with rights to AD. This is helpful where there are large bureaucracies for IT that need to be bypassed.
- Ideal solution for partners, extranets, and public facing sites where the users do not need to be in AD.
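With ASP.NET membership, the password rules and the challenge-and-response reset mentioned above are no longer enforced by AD policy; they come from the provider entry in web.config. The fragment below is an added example, not from the original post, and the connection string, provider name, application name and numeric limits are assumed values.

```xml
<!-- Added example for the forms-auth web application's web.config. -->
<!-- Assumed names: ExtranetMembershipDb, ExtranetMembers, /Extranet, SQLHOST. -->
<configuration>
  <connectionStrings>
    <add name="ExtranetMembershipDb"
         connectionString="Data Source=SQLHOST;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="ExtranetMembers">
      <providers>
        <add name="ExtranetMembers"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ExtranetMembershipDb"
             applicationName="/Extranet"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
        <!-- passwordFormat="Hashed" stores salted hashes, so enablePasswordRetrieval must stay false. -->
        <!-- requiresQuestionAndAnswer drives the challenge and response used by password reset. -->
        <!-- minRequired* attributes stand in for the AD password-strength policy. -->
        <!-- maxInvalidPasswordAttempts within passwordAttemptWindow (minutes) locks the account. -->
      </providers>
    </membership>
  </system.web>
</configuration>
```

SqlMembershipProvider has no password-expiration setting, so if the accounts need the expiration policy listed under Active Directory, that check has to be built separately.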