Is ASP.NET's Membership system secure enough?

Is the Membership system included in ASP.NET secure enough to use in a real-world web site? Since I'm not interested in creating my own providers, I'm only interested in the providers Microsoft built in to the system.


Solution 1:

Membership can be a secure way of implementing forms authentication, but as with anything security-related, it's all in how you implement it. It's also important to consider whether its backend will be active directory (which makes things easier) or something else, and how those connections will be secured. Here's the MSDN page on securing a site using membership.