Very pertinent question. with ASPSecurityKit, you get the whole auth/user management stack right as part of your application while with AuthZero, it's offered as a service. Your cost and risk will increase with such SaaS services as your product and number of its users grow while with ASK, the cost remains stable, and without risk of third-party exposure. IMO, user management is so core to any web application that it's not worth it to outsource it if you have a long-term plan for the product.
Additionally, even if you're using an auth service, the automatic data authorization feature that ASK provides through its ADA feature [0] and [1], is something you've to still build in your app, as authorization of input data depends on the domain model of your application and not something generic like user model. ASK can make it automatic because it lets you define convention once (and comes with default conventions based on best practices btw), and takes care of applying them throughout your requests, obviously working with you wherever you need to override something.
Additionally, even if you're using an auth service, the automatic data authorization feature that ASK provides through its ADA feature [0] and [1], is something you've to still build in your app, as authorization of input data depends on the domain model of your application and not something generic like user model. ASK can make it automatic because it lets you define convention once (and comes with default conventions based on best practices btw), and takes care of applying them throughout your requests, obviously working with you wherever you need to override something.
0: data authorization in design guide https://aspsecuritykit.net/guides/designing-activity-based-d...
1: data authorization in implementation guide: https://aspsecuritykit.net/docs/article/how-to-perform-activ...