What’s wrong with ASP.NET provider model? – The MembershipProvider

Basically, the lack of IIdentity in the API.

How would we had IIdentity to the MembershipProvider API? Simply, with a LoginUser method:

/// <summary>
/// Verifies that the specified user name and password exist in the data source.
/// </summary>
/// <returns>
/// A <see cref="T:System.Security.Principal.IIdentity"></see> instance
/// if the specified username and password are valid; otherwise, <see langword="null"></see>.
/// </returns>
/// <param name="username">The name of the user to validate.</param> /// <param name="password">The password for the specified user.</param> public abstract IIdentity LoginUser(string username, string password);

Not all membership checking is just about validating username and password. Sometimes, one needs to logon into a backend service provider and get a session token to access the membership system.

And, since we are at it, why don’t we add IIdentity support to the whole API?