Entirely custom authentification/authorization in ASP.NET MVC app.. good or bad idea?

I can certainly see why you don't want to implement an entire Membership provider. However, I would take advantage of the low-level support offered by Forms Authentication (e.g. The cookie, expiration etc.) and just do my own custom authentication. If you do this, you can inject your own custom user class into the HTTP context and use it throughout your code.

Your custom user object would implement IIdentity and IPrincipal. Your IPrincipal. IsInRole would work against your custom authentication scheme.

This would allow your higher level code to use standard . NET framework permissions stuff. This is the neatest, simplest way to accomplish what you want while taking advantage of what already exists.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.