Vulnerability in EPiServer.Forms
I am charged with keeping customer usernames and passwords within Episerver, however the rest of their details will be kept in a CRM, and accessed after they have logged in. There is already a list of thousands of these customer accounts (which will have to be imported before launch).
Should i keep these objects in DDS or manage them as Episerver Logins?
My feeling is that, since there will be so many, they should be in DDS, rather than Episerver user account, but i am a noob to Episerver, so its just a feeling.
My advice is to store user accounts as user accounts. Then you can use the built in tools ASP.net has for managing accounts and not build your own, for example reset password feature.
Can Episerver manage thousands of user accounts though?
Sure, it shouldn't be a problem.
I have 100 000s of users in my Episerver applications. No problem there to keep them as users in Episerver.
I would import them as a standard Episerver user (and set role etc) using a scheduled job (if I need to run it again). Then you can use .NET standard Membership and Roleprovider classes without any modifications. Episerver also takes care of storing passwords etc as hash etc which is important for security. Building that part yourself is normally not a good idea. Then you also get some benefits that admins can help change passwords and administrate users. Building that part yourself will not be funny either. I have not experienced any performance problems with having many users with Episerver CMS.
Many thanks guys.