SimpleMembership, Membership Providers, Universal Providers and the new ASP.NET 4.5 Web Forms and ASP.NET MVC 4 templates

The ASP.NET MVC 4 Internet template adds some new, very useful features which are built on top of SimpleMembership. These changes add some great features, like a much simpler and extensible membership API and support for OAuth. However, the new account management features require SimpleMembership and won't work against existing ASP.NET Membership Providers. I'll start with a summary of top things you need to know, then dig into a lot more detail.

Summary:

  • SimpleMembership has been designed as a replacement for the previous ASP.NET Role and Membership provider system
  • SimpleMembership solves common problems developers ran into with the Membership provider system and was designed for modern user / membership / storage needs
  • SimpleMembership integrates with the previous membership system, but you can't use a MembershipProvider with SimpleMembership
  • The new ASP.NET MVC 4 Internet application template AccountController requires SimpleMembership and is not compatible with previous MembershipProviders
  • You can continue to use existing ASP.NET Role and Membership providers in ASP.NET 4.5 and ASP.NET MVC 4 - just not with the ASP.NET MVC 4 AccountController
  • The existing ASP.NET Role and Membership provider system remains supported, as it is part of the ASP.NET core
  • ASP.NET 4.5 Web Forms does not use SimpleMembership; it implements OAuth on top of ASP.NET Membership
  • The ASP.NET Web Site Administration Tool (WSAT) is not compatible with SimpleMembership

The following is the result of a few conversations with Erik Porter (PM for ASP.NET MVC) to make sure I had some the overall details straight, combined with a lot of time digging around in ILSpy and Visual Studio's assembly browsing tools.

SimpleMembership: The future of membership for ASP.NET

The ASP.NET Membership system was introduced with ASP.NET 2.0 back in 2005. It was designed to solve common site membership requirements at the time, which generally involved username / password based registration and profile storage in SQL Server. It was designed with a few extensibility mechanisms - notably a provider system (which allowed you override some specifics like backing storage) and the ability to store additional profile information (although the additional  profile information was packed into a single column which usually required access through the API). While it's sometimes frustrating to work with, it's held up for seven years - probably since it handles the main use case (username / password based membership in a SQL Server database) smoothly and can be adapted to most other needs (again, often frustrating, but it can work).

The ASP.NET Web Pages and WebMatrix efforts allowed the team an opportunity to take a new look at a lot of things - e.g. the Razor syntax started with ASP.NET Web Pages, not ASP.NET MVC. The ASP.NET Web Pages team designed SimpleMembership to (wait for it) simplify the task of dealing with membership. As Matthew Osborn said in his post Using SimpleMembership With ASP.NET WebPages:

With the introduction of ASP.NET WebPages and the WebMatrix stack our team has really be focusing on making things simpler for the developer. Based on a lot of customer feedback one of the areas that we wanted to improve was the built in security in ASP.NET. So with this release we took that time to create a new built in (and default for ASP.NET WebPages) security provider. I say provider because the new stuff is still built on the existing ASP.NET framework. So what do we call this new hotness that we have created? Well, none other than SimpleMembership. SimpleMembership is an umbrella term for both SimpleMembership and SimpleRoles.

Part of simplifying membership involved fixing some common problems with ASP.NET Membership.

Problems with ASP.NET Membership

ASP.NET Membership was very obviously designed around a set of assumptions:

  • Users and user information would most likely be stored in a full SQL Server database or in Active Directory
  • User and profile information would be optimized around a set of common attributes (UserName, Password, IsApproved, CreationDate, Comment, Role membership...) and other user profile information would be accessed through a profile provider

Some problems fall out of these assumptions.

Requires Full SQL Server for default cases

The default, and most fully featured providers ASP.NET Membership providers (SQL Membership Provider, SQL Role Provider, SQL Profile Provider) require full SQL Server. They depend on stored procedure support, and they rely on SQL Server cache dependencies, they depend on agents for clean up and maintenance. So the main SQL Server based providers don't work well on SQL Server CE, won't work out of the box on SQL Azure, etc.

Note: Cory Fowler recently let me know about these Updated ASP.net scripts for use with Microsoft SQL Azure which do support membership, personalization, profile, and roles. But the fact that we need a support page with a set of separate SQL scripts underscores the underlying problem.

Aha, you say! Jon's forgetting the Universal Providers, a.k.a. System.Web.Providers! Hold on a bit, we'll get to those...

Custom Membership Providers have to work with a SQL-Server-centric API

If you want to work with another database or other membership storage system, you need to to inherit from the provider base classes and override a bunch of methods which are tightly focused on storing a MembershipUser in a relational database. It can be done (and you can often find pretty good ones that have already been written), but it's a good amount of work and often leaves you with ugly code that has a bunch of System.NotImplementedException fun since there are a lot of methods that just don't apply.

Designed around a specific view of users, roles and profiles

The existing providers are focused on traditional membership - a user has a username and a password, some specific roles on the site (e.g. administrator, premium user), and may have some additional "nice to have" optional information that can be accessed via an API in your application.

This doesn't fit well with some modern usage patterns:

  • In OAuth and OpenID, the user doesn't have a password
  • Often these kinds of scenarios map better to user claims or rights instead of monolithic user roles
  • For many sites, profile or other non-traditional information is very important and needs to come from somewhere other than an API call that maps to a database blob

What would work a lot better here is a system in which you were able to define your users, rights, and other attributes however you wanted and the membership system worked with your model - not the other way around.

Requires specific schema, overflow in blob columns

I've already mentioned this a few times, but it bears calling out separately - ASP.NET Membership focuses on SQL Server storage, and that storage is based on a very specific database schema.

aspnet_tutorial04_MembershipSetup_vb_figure10[1]

Update: This schema has been improved a lot with Universal Providers. The views and stored procedures have been removed, and the tables are simplified.

2012-09-05_16h12_30

Still, the main issues are unchanged: you're not in control of the schema, and any profile data is stored in property value blobs in the Profiles table:

2012-09-05_16h14_31

SimpleMembership as a better membership system

As you might have guessed, SimpleMembership was designed to address the above problems.

Works with your Schema

As Matthew Osborn explains in his Using SimpleMembership With ASP.NET WebPages post, SimpleMembership is designed to integrate with your database schema:

All SimpleMembership requires is that there are two columns on your users table so that we can hook up to it – an “ID” column and a “username” column. The important part here is that they can be named whatever you want. For instance username doesn't have to be an alias it could be an email column you just have to tell SimpleMembership to treat that as the “username” used to log in.

Matthew's example shows using a very simple user table named Users (it could be named anything) with a UserID and Username column, then a bunch of other columns he wanted in his app.

UsersTable[1]

Then we point SimpleMemberhip at that table with a one-liner:

WebSecurity.InitializeDatabaseFile("SecurityDemo.sdf", "Users", "UserID", "Username", true);

No other tables are needed, the table can be named anything we want, and can have pretty much any schema we want as long as we've got an ID and something that we can map to a username.

Broaden database support to the whole SQL Server family

While SimpleMembership is not database agnostic, it works across the SQL Server family. It continues to support full SQL Server, but it also works with SQL Azure, SQL Server CE, SQL Server Express, and LocalDB. Everything's implemented as SQL calls rather than requiring stored procedures, views, agents, and change notifications.

Note that SimpleMembership still requires some flavor of SQL Server - it won't work with MySQL, NoSQL databases, etc. You can take a look at the code in WebMatrix.WebData.dll using a tool like ILSpy if you'd like to see why - there are places where SQL Server specific SQL statements are being executed, especially when creating and initializing tables. It seems like you might be able to work with another database if you created the tables separately, but I haven't tried it and it's not supported at this point.

Note: I'm thinking it would be possible for SimpleMembership (or something compatible) to run Entity Framework so it would work with any database EF supports. That seems useful to me - thoughts?

Note: SimpleMembership has the same database support - anything in the SQL Server family - that Universal Providers brings to the ASP.NET Membership system.

UPDATE: Newer updates of Universal Providers - I believe starting with the 1.2 release on 8/16 - are now really database agnostic, so they'll work on any database that has an Entity Framework provider.

Easy to with Entity Framework Code First

The problem with with ASP.NET Membership's system for storing additional account information is that it's the gate keeper. That means you're stuck with its schema and accessing profile information through its API.

SimpleMembership flips that around by allowing you to use any table as a user store. That means you're in control of the user profile information, and you can access it however you'd like - it's just data. Let's look at a practical based on the AccountModel.cs class in an ASP.NET MVC 4 Internet project. Here I'm adding a Birthday property to the UserProfile class.

[Table("UserProfile")]
public class UserProfile
{
    [Key]
    [DatabaseGeneratedAttribute(DatabaseGeneratedOption.Identity)]
    public int      UserId { get; set; }
    public string   UserName { get; set; }
    public DateTime Birthday { get; set; }
}

Now if I want to access that information, I can just grab the account by username and read the value.

var context = new UsersContext();
var username = User.Identity.Name;
var user = context.UserProfiles.SingleOrDefault(u => u.UserName == username);
var birthday = user.Birthday;

So instead of thinking of SimpleMembership as a big membership API, think of it as something that handles membership based on your user database. In SimpleMembership, everything's keyed off a user row in a table you define rather than a bunch of entries in membership tables that were out of your control.

How SimpleMembership integrates with ASP.NET Membership

Okay, enough sales pitch (and hopefully background) on why things have changed. How does this affect you? Let's start with a diagram to show the relationship (note: I've simplified by removing a few classes to show the important relationships):

2012-08-29_16h59_20

So SimpleMembershipProvider is an implementaiton of an ExtendedMembershipProvider, which inherits from MembershipProvider and adds some other account / OAuth related things. Here's what ExtendedMembershipProvider adds to MembershipProvider:

ExtendedMembershipProvider

The important thing to take away here is that a SimpleMembershipProvider is a MembershipProvider, but a MembershipProvider is not a SimpleMembershipProvider.

This distinction is important in practice: you cannot use an existing MembershipProvider (including the Universal Providers found in System.Web.Providers) with an API that requires a SimpleMembershipProvider, including any of the calls in WebMatrix.WebData.WebSecurity or Microsoft.Web.WebPages.OAuth.OAuthWebSecurity.

However, that's as far as it goes. Membership Providers still work if you're accessing them through the standard Membership API, and all of the core stuff  - including the AuthorizeAttribute, role enforcement, etc. - will work just fine and without any change.

Let's look at how that affects you in terms of the new templates.

Membership in the ASP.NET MVC 4 project templates

ASP.NET MVC 4 offers six Project Templates:

  • Empty - Really empty, just the assemblies, folder structure and a tiny bit of basic configuration.
  • Basic - Like Empty, but with a bit of UI preconfigured (css / images / bundling).
  • Internet - This has both a Home and Account controller and associated views. The Account Controller supports registration and login via either local accounts and via OAuth / OpenID providers.
  • Intranet - Like the Internet template, but it's preconfigured for Windows Authentication.
  • Mobile - This is preconfigured using jQuery Mobile and is intended for mobile-only sites.
  • Web API - This is preconfigured for a service backend built on ASP.NET Web API.

2012-08-29_17h26_24

Out of these templates, only one (the Internet template) uses SimpleMembership.

ASP.NET MVC 4 Basic template

The Basic template has configuration in place to use ASP.NET Membership with the Universal Providers. You can see that configuration in the ASP.NET MVC 4 Basic template's web.config:

<profile defaultProvider="DefaultProfileProvider">
  <providers>
    <add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
  </providers>
</profile>
<membership defaultProvider="DefaultMembershipProvider">
  <providers>
    <add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
  </providers>
</membership>
<roleManager defaultProvider="DefaultRoleProvider">
  <providers>
    <add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
  </providers>
</roleManager>
<sessionState mode="InProc" customProvider="DefaultSessionProvider">
  <providers>
    <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
  </providers>
</sessionState>

This means that it's business as usual for the Basic template as far as ASP.NET Membership works.

ASP.NET MVC 4 Internet template

The Internet template has a few things set up to bootstrap SimpleMembership:

2012-08-29_17h45_32

  • \Models\AccountModels.cs defines a basic user account and includes data annotations to define keys and such
  • \Filters\InitializeSimpleMembershipAttribute.cs creates the membership database using the above model, then calls WebSecurity.InitializeDatabaseConnection which verifies that the underlying tables are in place and marks initialization as complete (for the application's lifetime)
  • \Controllers\AccountController.cs makes heavy use of OAuthWebSecurity (for OAuth account registration / login / management) and WebSecurity. WebSecurity provides account management services for ASP.NET MVC (and Web Pages)

WebSecurity can work with any ExtendedMembershipProvider. There's one in the box (SimpleMembershipProvider) but you can write your own. Since a standard MembershipProvider is not an ExtendedMembershipProvider, WebSecurity will throw exceptions if the default membership provider is a MembershipProvider rather than an ExtendedMembershipProvider.

Practical example:

  1. Create a new ASP.NET MVC 4 application using the Internet application template
  2. Install the Microsoft ASP.NET Universal Providers for LocalDB NuGet package
  3. Run the application, click on Register, add a username and password, and click submit

You'll get the following execption in AccountController.cs::Register: To call this method, the "Membership.Provider" property must be an instance of "ExtendedMembershipProvider".

2012-08-29_18h34_13

This occurs because the ASP.NET Universal Providers packages include a web.config transform that will update your web.config to add the Universal Provider configuration I showed in the Basic template example above. When WebSecurity tries to use the configured ASP.NET Membership Provider, it checks if it can be cast to an ExtendedMembershipProvider before doing anything else.

So, what do you do?

Options:

If you want to use the new AccountController, you'll either need to use the SimpleMembershipProvider or another valid ExtendedMembershipProvider. This is pretty straightforward.

If you want to use an existing ASP.NET Membership Provider in ASP.NET MVC 4, you can't use the new AccountController. You can do a few things:

  1. Replace  the AccountController.cs and AccountModels.cs in an ASP.NET MVC 4 Internet project with one from an ASP.NET MVC 3 application (you of course won't have OAuth support). Then, if you want, you can go through and remove other things that were built around SimpleMembership - the OAuth partial view, the NuGet packages (e.g. the DotNetOpenAuthAuth package, etc.)
  2. Use an ASP.NET MVC 4 Internet application template and add in a Universal Providers NuGet package. Then copy in the AccountController and AccountModel classes.
  3. Create an ASP.NET MVC 3 project and upgrade it to ASP.NET MVC 4 using the steps shown in the ASP.NET MVC 4 release notes.

None of these are particularly elegant or simple. Maybe we (or just me?) can do something to make this simpler - perhaps a NuGet package. However, this should be an edge case - hopefully the cases where you'd need to create a new ASP.NET but use legacy ASP.NET Membership Providers should be pretty rare. Please let me (or, preferably the team) know if that's an incorrect assumption.

Membership in the ASP.NET 4.5 project template

ASP.NET 4.5 Web Forms took a different approach which builds off ASP.NET Membership. Instead of using the WebMatrix security assemblies, Web Forms uses Microsoft.AspNet.Membership.OpenAuth assembly. I'm no expert on this, but from a bit of time in ILSpy and Visual Studio's (very pretty) dependency graphs, this uses a Membership Adapter to save OAuth data into an EF managed database while still running on top of ASP.NET Membership.

2012-08-29_19h13_13

Note: There may be a way to use this in ASP.NET MVC 4, although it would probably take some plumbing work to hook it up.

How does this fit in with Universal Providers (System.Web.Providers)?

Just to summarize:

  • Universal Providers are intended for cases where you have an existing ASP.NET Membership Provider and you want to use it with another SQL Server database backend (other than SQL Server). It doesn't require agents to handle expired session cleanup and other background tasks, it piggybacks these tasks on other calls.
  • Universal Providers are not really, strictly speaking, universal - at least to my way of thinking. They only work with databases in the SQL Server family.
  • Universal Providers do not work with Simple Membership.
  • The Universal Providers packages include some web config transforms which you would normally want when you're using them.

What about the Web Site Administration Tool?

Visual Studio includes tooling to launch the Web Site Administration Tool (WSAT) to configure users and roles in your application.

image102[1]

WSAT is built to work with ASP.NET Membership, and is not compatible with Simple Membership. There are two main options there:

  1. Use the WebSecurity and OAuthWebSecurity API to manage the users and roles
  2. Create a web admin using the above APIs
  3. Since SimpleMembership runs on top of your database, you can update your users as you would any other data - via EF or even in direct database edits (in development, of course)

2012-08-29_19h34_46

98 Comments

  • Thanks for that.

    Any chance of Getting a Provider that isn't SQL centric?

    I've been trying to wrap an Extended Membership provider around MongoDB and I'm going grey in the process :(

  • Why are there two different ways of handling membership for MVC and WebForms? This seems like a very hacked together solution. I would like to see a more unified programming model for ASP.NET authentication period. Personally, I think the Membership providers should be deprecated

  • hi do you know if simplemembership supports anonymous users to store information - eg: language, etc.- or it has to be managed using cookies?. brgds!
    sebastian.

  • Great post? Could you possibly talk about the process of upgrading an existing app with an existing MembershipProvider to use the new SimpleProvider?

  • Ok, first of all: great! Bring your own schema was really missing from membership.

    But... for something that is supposed to be simple, if you look at this blog post, it seems quite complex.

    I think you guys are drowning us in tooling, and have done so for a long time. I love simplified API's, but we now have three solutions, and multiple templates, spread out over 3/4 web stacks.

    If you guys really want to present us with One ASP.NET, then you are going to have to start a spring cleaning next year.

    Imho...

  • thanks for the post - really helps my understanding, but it really looks like the situation with membership has become way overcomplicated in 4.5....particularly the woefully named providers (universal is not, simple really isn't).

    Really confused by the need to reference webmatrix dlls too....doesn't feel core framework. We could not deploy the MVC4 template to azure without hacking out the "simple" provider.

  • "Well done" guys.
    Now I'm totally confused how to use SimpleMembership with VS 2012 RTM ASP.NET 4.5 MVC 4 Internet Application. The template neither has "\Filters\InitializeSimpleMembershipAttribute.cs" neither
    "\Controllers\AccountController.cs makes heavy use of OAuthWebSecurity (for OAuth account registration / login / management) and WebSecurity. WebSecurity provides account management services for ASP.NET MVC (and Web Pages)" - it still uses Membership.

    Will be nice to provide simple step by step example how to connect this template with User class with ID and Username.

  • Thanks for the write-up, this helps with understanding the MS direction.
    As I was playing around with this the other day for a project that has to support multiple databases, I ended up implementing the ExtendedMembershipProvider, and also writing a Role/Profile/Session provider. Luckily, the LLBLGen tool generates 1 DAL that works across SQL, MySQL, Oracle, DB2, etc..., so it wasn't too time-consuming.
    I agree that being able to also support NoSQL would be nice as well. For now, I guess those will have to be 1-offs.
    I like that MS is working EF into this, but seeing the amount of inline SQL in this code-base seems to distill the value of EF as a true "entity" framework imo, and gives even more credence to existing frameworks that already have cross-database abstraction.
    I welcome the inclusion of OAuth ( much easier now :-) ). I see this API as WIP, and look forward to seeing it evolve.
    Also, I'm curious as to how many real projects out there actually like the magic tables?

  • My ASP.NET MVC 3 project uses the ActiveDirectoryMembershipProvider and SqlRoleProvider. I'm hoping to see a tutorial or more information about migrating to SimpleMembership from the previous ASP.NET Role and Membership provider system.

    I'm also hoping that the project templates will be updated to include a basic administrative interface for roles. This is something that nearly every developer using role-based authorization will need to implement; a mechanism for administrative users to assign roles.

  • I was wondering how the database schema is generated when you first register?

    I'm looking for a replacement to the System.Web.Management.SqlServices.Install() procedure that can programmatically create the Membership schema, but for the new System.Web.Providers and it's new database schema.

    I'm using it in my MvcInstaller NuGet package and I want to incorporate it into the next version of my SecurityGuard NuGet package which is a complete Membership UI for MVC. See mvccentral.net/story/search/tools.

    Any ideas if that is possible with the new providers?

    Thanks.

  • Really, what I'd like to see is simpler support for OAuth so that fewer users (me included) need to keep *yet another* username-password combination in their heads.

  • Is there any support to connect with LDAP?

  • Hi Jon;

    Using SimpleMembership, where does the role and it's relationship with the user gets stored? Will it create another database and tables in it? If yes, can we have the SimpleMembership store ALL tables in our database?

    Thanks!
    ..Ben

  • Hi Jon,
    thanks for the post - I have been looking for something like this for a few weeks now!

  • Hi, this post is way more than what I was hoping for as response to my "question" about simple membership. Now having experimented with it, really liking what i've seen so far... I just wonder why the 'connectionString' is hardcoded twice in the files.

    in InitializeSimpleMembershipAttribute.cs WebSecurity initializes with
    WebSecurity.InitializeDatabaseConnection(ConnectionString, "UserProfile", "UserId", "UserName", autoCreateTables: true);

    and in AccountModels.cs the UsersContext initilizes calls base("Defaultconnection") at initialization...

    Wouldn't it be nicer to have something like

    public const string ConnectionString = "DefaultConnection";

    in Class "InitializeSimpleMembershipAttribute" (I'd have chosen class SimpleMembership... but thats a private class...)

    so WebSecurity would call

    WebSecurity.InitializeDatabaseConnection(ConnectionString, "UserProfile", "UserId", "UserName", autoCreateTables: true);

    and UsersContext could initialize its parent with

    using MvcApplication1.Filters;
    ...
    base(InitializeSimpleMembershipAttribute.ConnectionString)

    and thereby the connection String would be defined centrally at one place (well if you count web.config too, its still two places tho)

    just a thought...

  • Great post.

    It would be great if it would have used Interfaces instead of concretes to make dependency injection easier to implement. Instead of a Provider Model. It could have abstracted away the SQL Server dependencies.

    Although OAuth is a standard, I don't like how you hard coded it into the API. Passport was a standard you supported in the api, a few years ago.

  • I have tried to create custom membership by extending the ExtendedMembershipProvider or using the original MembershipProvider class.

    I am not able to even run the Web application. getting a strange exception from the Webmatrix.Webdata
    Configuration Error

    Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

    Parser Error Message: This method cannot be called during the application's pre-start initialization phase.

    I have post a question on that on the forum
    http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx

    Does anyone has the same problem?

    Noam

  • Sounds promising. Can you give some scenarios of how Oauth can be used with the API? Can we do Facebook login this way? Are there thoughts on integrating with ACS?

  • Seems like SimpleMembership is anything but. Why is it part of WebMatrix anyways? This is making less and less sense.

  • Let go of the past Jon, it's Ok! This was one seriously confusing read. A better title for this post would of been. How using "Universal Providers can break something Simple", or "Nuget Install-Package when s**t hits the fan".

    I'd like to point out a really cool thing I stumbled on. Create an MVC4 Internet Site, Register a user. Now go delete the database, and click on the User account link on web page. You get a nice screen to enter some credential, or a link to add external authentication services to sample site. Very cool...

  • Alright, so you don't have to delete database.. you get information page on the Manage Account page.. :)

  • no guid support for id columns?! come on how hard would that be

  • Hi, in the article, it mentioned:
    Use an ASP.NET MVC 4 Internet application template and add in a Universal Providers NuGet package. Then copy in the AccountController and AccountModel classes.

    Why copy in the AccountController and AccountModel classes? From where to where?

  • Due Following pair of methods it become too difficult to implement Azure Table storage backed repository for SimpleMembership.

    public override int GetUserIdFromOAuth(string provider, string providerUserId)

    public override string GetUserNameFromId(int userId)

    I have noticed the behavior closely and found that
    OAuthWebSecurity.Login or OAuthWebSecurity.GetUserName both calls above two methods in order. I would love if we would have above two method returns string and take string.
    Or may be object.

    I have my own ExtendedMembershipProvider so instad of talking SQL flavered DB . i wired up Azure Tables. but Azure tables don't have auto increment out of the box and due to concurrency issue it will be equally difficult and inefficient to implement int based ID col on azure. and it will be case for all storage who don't give out of the box automic auto increment data type.

    I would love to know real reason behind keeping int as userId.

  • This should not have a dependency on SQL. The security system needs to be agnostic to the underlying 'database'. For example, we should be able to use Azure tables, or even a system like CRM or SharePoint. We should not have a dependency on having a SQL database.

  • Whats the rational behind not supporting LDAP? I have to believe that there are many organizations that use LDAP for authentication as well as single sign-on.

    For those of us who are using LDAP for Forms Auth, we have now been force to tear out a bunch or follow 2 other procedures to do something that was extraordinarily simple to do in previous versions of MVC.

    Are there plans to implement a LDAP ExtendedMembershipProvider? Why is Microsoft forcing users to use this method in Internet templates by having it the stock method for auth?

  • I all the time emailed this webpage post page to all my associates, because if like
    to read it then my contacts will too.

  • Great post explaining what has turned into a subject that is WAY more complicated than it seems necessary.

    Easier to just create a few tables Users, Roles etc then scaffold them up and add in the extra logic then you are in total control over everything and not subject to this or any other future 'complications' !

  • If you are going for finest contents like I do, just pay a quick visit
    this website daily for the reason that it provides feature contents, thanks

  • Has anyone had any luck with implementing Simple Membership authentication across Sub-Domains? Setting the domain attribute of the authentication/forms web.config entry to ".localhost" is not working. I have a local hosts file configured correctly, but I cannot get authenticated access to any of the sub-domains after authenticating with the parent domain.

  • Hello! A friend shared this website, so I decided to look it over.
    I'm really enjoying your stuff. I'm going to come back and will be following you for good!

  • Is it possible to configure WebApi project with SimpleMembershipProvider?

  • Greetings! Very useful advice within this post!
    It's the little changes that produce the greatest changes. Many thanks for sharing!

  • I have decided not to upgrade to simpleproverder

  • I read this post and read your Pro MVC4 book. However I found very confuse about simplemembership. It is not clear definition and you not clear explain in detail especially in SimpleRoles. Hope to better post about this.

  • This post is a tremendous explanation of simple membership (which surely wins the biggest misnomer of 2012 award). Incompatibility with existing user management packages, no admin templates, and no implementation of GetAllUsers makes it the out-of-the box MVC4 authorization controllers useless for all but trivial blog-ware apps. Why provide all that Roles goodness without a decent set of management controllers? Feels half baked. P.S. Your blog is great but the could do with a spam catcher.

  • Does your site have a contact page? I'm having a tough time locating it but, I'd like to shoot you an e-mail.
    I've got some creative ideas for your blog you might be interested in hearing. Either way, great blog and I look forward to seeing it expand over time.

  • You've made some really good points there. I checked on the internet for additional information about the issue and found most people will go along with your views on this site.

  • Getting started with this is a nightmare. Trying to google what exactly needs to be done and my clever use of keywords is not coming up with much. I found this blog which is a book in itself on a widescreen monitor, sorry but hell no. I just deleted all of the membership code from the MVC 4 template and am going to try to do it the old way. Sorry if I'm skeptical about jumping on the bandwagon, but you have to admit, you guys did invent that horrific thing called webforms that everyone who doesn't use .NET uses against us.

  • when building a multi-tenant web forms app using traditional membership, one must be careful not to change "improperly" the application property on the membership object. While it allows multiple app to distinguish membership names, its not thread safe. One is forced to have distinct HTTPAPPs deployments, to address the issue - which works fine in the Azure webrole world.

    in simplemembership does one have the same issue?

    Though I build all my project with the web forms version of the internet application, Im considering moving to the MVC4 version (based on simplemembership). Id love to have my app's tenants defined by domain name (HOST header), rather than HTTPAPP. I could swap membership "application" accordingly, but only if simplemembership expects this kind of usage.

    does it? Or do I need each MVC4 internet app in its own webrole (HttpApp)?

  • Nitip jemuranya ya mister.. buat kontes seo

  • Why visitors still use to read news papers when in this technological world
    the whole thing is existing on net?

  • [quote]However, this should be an edge case - hopefully the cases where you'd need to create a new ASP.NET but use legacy ASP.NET Membership Providers should be pretty rare. Please let me (or, preferably the team) know if that's an incorrect assumption.[/quote]

    This is an incorrect assumption in my case, and in many cases, too I believe. This assumption would basically mean previous MVC Internet application are unlikely to be upgraded to MVC4. Because of the lack of support for membership, my apps are staying with MVC3, until I have time to look into it. Perhaps I will have better luck with MVC5..

  • Soooooo much spam comments. Delete url option so this stupid bots will have no reason to leave comments!

  • I really love your website.. Very nice colors & theme. Did you develop this site yourself?
    Please reply back as I'm attempting to create my own blog and would love to know where you got this from or exactly what the theme is named. Thanks!

  • I still think that something is missing.

  • I wish to

    1. Derive a custom provider like so:

    MySimpleMembershipProvider : ExtendedMembershipProvider

    2. Override all required members

    3. Register MySimpleMembershipProvider in Web.Config so that I can use WebSecurity class as used in the MVC4 template internet web projects

    I cannot see how step 3 is accomplished. A beer for anyone who can show me the light.

  • Link exchange is nothing else except it is just
    placing the other person's webpage link on your page at appropriate place and other person will also do similar in favor of you.

  • Im using default MembershipProvider in my MVC3 website, I am able to create the user but its not validating. Can you please help me out on this?

  • vos no sabes nada flaco

  • The Nintendo games the telephone number one gaming terminus for fifty-fifty the virtually discerning online histrion.
    My married woman and I perpetually get letters from our banking company tattle us we can increment our demarcation line, the one-third is beatable,
    and the fourth part is very vincible. The biz""where you act as through and through the events
    of the original Maven Wars trilogy as going away and maintain you well-chosen well-chosen sufficiency so
    that if you did pass off to win, you would hail support.

  • Holy Spam, Batman! There are a lot of good questions in here but they're hard to find with so much spam.

  • That's it for me and Microsuck. I made the dreadful decision to upgrade to vs2012. Everything works in the app - nothing works on the server. They must have guys who sit around and thing up ways to make programmers lives a nightmare. There should have been a simple - if you have an existing app use this simple fix. NOPE - hellmare.

  • I have your book Pro MVC4 but it's coverage of SimpleMembership (which seems to be a potentially useful new feature of MVC4) in basically 1 page (437) that is half about NuGet is absolutely useless to get started with it - as is this article which just covers related stuff (which is interesting info.) but NOTHING about how to actually use it in an MVC4 Application - except excerpts from Mathew's Web pages article - which doesn't seem to help much for MVC4.

    I'm NOT using WebMatrix but VS2010 & MVC4.

    If I install the 3 SimpleMembership packages from NuGet I get version clashes with differing WebMatrix version that are installed.

    On it's own (or even with the SimpleMembership Administration package) the SimpleMembership that is built-in with the Intenet option works without errors - but using some hidden database (which I can't access with SQL 2005).

    But including SimpleMembership.Mvc3 package causes

    Error 6 Assembly 'Microsoft.Web.WebPages.OAuth, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' uses 'WebMatrix.WebData, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' which has a higher version than referenced assembly 'WebMatrix.WebData, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' c:\WebDev\MvcApplication2\packages\Microsoft.AspNet.WebPages.OAuth.2.0.20710.0\lib\net40\Microsoft.Web.WebPages.OAuth.dll MvcApplication2

    makes the SimpleMembershipAdministration views no longer available

    causes Warning 7 Found conflicts between different versions of the same dependent assembly. MvcApplication2

    and Warning 5 Reference to type 'WebMatrix.WebData.OAuthAccountData' claims it is defined in 'c:\WebDev\MvcApplication2\packages\SimpleMembership.Mvc3.1.2\lib\Net40\WebMatrix.WebData.dll', but it could not be found c:\WebDev\MvcApplication2\packages\Microsoft.AspNet.WebPages.OAuth.2.0.20710.0\lib\net40\Microsoft.Web.WebPages.OAuth.dll MvcApplication2


    I just want SimpleMembership to use my existing legacy SQL2005 database using my own existing Users table's UserID and Username - if I could just establish WHERE the WebSecurity.InitializeDatabaseFile("SecurityDemo.sdf", "Users", "UserID", "Username", true);
    "one liner" is supposed to be added to override the default hidden database?

    I don't care (for now) about facilitating unit testing of SimpleMembership, so I can happily live without the SimpleMembership.mvc package that causes chaos. (Fortunately I tested first in a new MVC4 Internet Application and found these issues, so, I can hopefully still get the SimpleMembership working in my actual Application - if I can just get it to use MY existing legacy SQL2005 database Users table).

    Your help with untangling this mess to get SimpleMembership usable with my existing database would be really appreciated, Jon.

  • Currently IO have a custom membership Provider that scans multiple AD Domains and Databases for user Credentials.

    It was built with .net 2.0 and .net 3.5 I want to move to MVC4 with .net 4.5 I'm still not cleart as to how to proceed with the rewrite.


  • Anyone has any luck deleting an existing User Account from SimpleMemberShip database? . And how was that implemented?

  • Hi friends, its great post on the topic of educationand completely
    defined, keep it up all the time.

  • Nice post. I learn something totally new and challenging on blogs I stumbleupon
    on a daily basis. It will always be exciting to read through content from other authors
    and use something from other websites.

  • Thank you so much, really clear and I now get it. Got my profile working as well - happy days :-)

  • I am really glad to glance at this webpage posts which includes plenty of useful data, thanks for providing these information.

  • I comment when I like a article on a site or I have something to
    valuable to contribute to the conversation. It's caused by the fire communicated in the article I browsed. And on this article SimpleMembership, Membership Providers, Universal Providers and the new ASP.NET 4.5 Web Forms and ASP.NET MVC 4 templates - Jon Galloway. I was actually excited enough to create a thought :) I do have a couple of questions for you if you tend not to mind. Could it be simply me or does it look like a few of the responses come across like left by brain dead individuals? :-P And, if you are posting on additional social sites, I would like to keep up with you. Could you make a list the complete urls of your community sites like your Facebook page, twitter feed, or linkedin profile?

  • I am now not sure where you are getting your info,
    however good topic. I must spend some time studying much more or figuring out more.
    Thanks for fantastic information I used to be
    in search of this information for my mission.

  • This is really interesting, You're a very skilled blogger. I have joined your feed and look forward to seeking more of your great post. Also, I've shared your
    site in my social networks!

  • Hello would you mind letting me know which hosting company you're utilizing? I've loaded your
    blog in 3 different browsers and I must say this blog loads a
    lot quicker then most. Can you recommend
    a good hosting provider at a honest price? Kudos, I appreciate it!

  • With havin so much content do you ever run into any issues of plagorism or
    copyright infringement? My website has a lot of completely unique content I've either created myself or outsourced but it appears a lot of it is popping it up all over the internet without my authorization. Do you know any solutions to help stop content from being ripped off? I'd genuinely appreciate it.

  • Amazing issues here. I am very glad to peer your article.
    Thanks so much and I am having a look ahead to touch you.
    Will you please drop me a e-mail?

  • Don't give us a tool that is only half completed. Giving us an authorization tool without having administrative tools is stupid. Just think of how bad Windows Server would be if we said "Yeah, we have the great technology called AD, but you will have to write your own admin tool"....get with the whole security picture people!

  • Undeniably believe that which you said. Your favorite justification appeared to be on the
    net the simplest thing to be aware of. I say to you, I certainly get irked while people consider
    worries that they plainly don't know about. You managed to hit the nail upon the top as well as defined out the whole thing without having side-effects , people can take a signal. Will likely be back to get more. Thanks

  • Hello, the whole thing is going sound here and ofcourse every one is sharing facts, that's really excellent, keep up writing.

  • Aw, this was a very good post. Spending some time and actual effort to produce a great
    article… but what can I say… I put things off a whole lot and never
    seem to get anything done.

  • I was curious if you ever considered changing the layout of your site?
    Its very well written; I love what youve got to say.

    But maybe you could a little more in the way of content so
    people could connect with it better. Youve
    got an awful lot of text for only having 1 or two
    images. Maybe you could space it out better?

  • I'm gone to tell my little brother, that he should also go to see this blog on regular basis to take updated from most recent news update.

  • ASP.NET is very difficult. I do know PHP and prefer it.

  • I say not the future, because they already rolled it out. And I feel it is half baked because they did not fix the ASP.NET Configuration tool to work with users and roles, or work at all for that matter. And supporting some profile keywords would have been nice as well. Iow, a decent means of seeding a membership database.

  • Wonderful blog! I found it while surfing around on Yahoo
    News. Do you have any tips on how to get listed in
    Yahoo News? I've been trying for a while but I never seem to get there! Many thanks

  • I have this working but am NOT impressed with the SimpleMembership provider. I had to add the UserProfile table I wanted to my data model as the SimpleMembershipInitializer would only add the standard Id and Name fields and none of my custom fields. Also,

    - The schema is bloated with fields that are not used (e.g. salt and oauth)

    - Oauth is not optional (I don't want to authenticate with Facebook - this is a biz app)

    - Does not create UserProfile custom fields for an existing model first database.

    - Geared for code first, not for model first.

    - Code is based on the old Membership provider rather than new code.

    - No support for seeding or user/profile maintenance like the WSAT tool which it is incompatible with.

    - Continuous unnecessary overhead checking if the database exists and if the tables exist, all for naught even on a code first approach and certainly for model first.

  • Thanks for sharing your thoughts about binary options trading.
    Regards

  • Great blog here! Also your web site loads up fast! What web host are you using?
    Can I get your affiliate link to your host?

    I wish my site loaded up as fast as yours lol

  • For the reason that the admin of this site is working, no hesitation
    very quickly it will be well-known, due to its quality
    contents.

  • Thanks for sharing your thoughts about dental. Regards

  • How could this be modified to accept username OR email for the login? (which is pretty standard these days).

    nick@net-shops.net

  • Interesting (as always) content, but I find myself in need to use readability.com to actually read it.

  • Hi, just wanted to tell you, I loved this post.

    It was inspiring. Keep on posting!

  • This post presents clear idea in favor of the new people of blogging, that really how to do running a blog.

  • If some one wants expert view about blogging then i
    propose him/her to pay a visit this weblog, Keep up the pleasant job.

  • Greetings from California! I'm bored at work so I decided to browse your site on my iphone during lunch break. I really like the info you provide here and can't wait to take a look when I get home.
    I'm surprised at how quick your blog loaded on my phone .. I'm not even using WIFI, just 3G .
    . Anyhow, excellent blog!

  • Hi there to every one, the contents existing at this web page are actually amazing for people knowledge, well, keep up the good work fellows.

  • If some one wishes expert view concerning blogging
    and site-building afterward i recommend him/her to visit this blog, Keep up the
    pleasant work.

  • Magnificent beat ! I wish to apprentice even as you amend your web site,
    how can i subscribe for a blog web site? The account aided me a acceptable deal.

    I were tiny bit familiar of this your broadcast provided vivid transparent
    concept

  • It's remarkable to pay a quick visit this website and reading the views of all mates on the topic of this post, while I am also keen of getting know-how.

  • This paragraph is actually a good one it assists new net people, who
    are wishing for blogging.

  • Hii,

    I have a ASP.Net 4.0 Web Forms Website with Membership, Roles and Users. Now I want to Make the same website in MVC 4 with SimpleMembershipPoovider. How I can transfer old Membership date into New Membership Tables while UserId has references in many other tables??

    I have stuck on it and dont know what to do?

    Thanks,

  • Your means of telling everything in this piece of writing is really fastidious, all
    be capable of without difficulty understand it,
    Thanks a lot.

  • Just wish to say your article is as astounding. The clearness in your post is simply spectacular and i could assume you are an expert on this subject. Well with your permission allow me to grab your RSS feed to keep updated with forthcoming post. Thanks a million and please continue the gratifying work.

  • I have added (accidently) SimpleMembership to my database using MSVS 2012.

    In MemberShip Provider we had the aspnet_regsql tool to add/remove the service from the databse.

    How can I remove the SimpleMemberShip service from my database?

    Thanks a lot

  • Hey great work - I was wondering what to do with that last clump of hair on my head, now its gone, so I can fit in better with all the other .Net programmers. I think you might really have somthing there, call it "MS Hairclub". Of /course/ anyone working with WebForms MUST want to make Membership as complicated and obtuse as possible, I mean that is clearly a prerequisite to being hired in the fist place, right?

  • I do not even know how I ended up here, but I thought this post was good.
    I do not know who you are but certainly you're going to a famous blogger if you aren't already
    ;) Cheers!

  • Spot on with this write-up, I absolutely believe this
    website needs far more attention. I'll probably be back again to see more, thanks for the information!

Comments have been disabled for this content.