With the introduction of the ASP.NET MVC 4 Internet template, Microsoft released a new built-in security provider, built on top of SimpleMembership, to make things simpler for developers. These changes added support for OAuth and brought some great features, like a much simpler and extensible membership API. However, the new account management features require SimpleMembership and won’t work against existing ASP.NET Membership Providers.

Microsoft implemented the SimpleMembership APIs as providers that are plugged into the existing core ASP.NET Membership APIs.

SimpleRoleProvider simply implements the RoleProvider abstract base class.

SimpleMembershipProvider is a bit different. Supporting the new features required additional functionality, so Microsoft created a new ExtendedMembershipProvider abstract class.

The ExtendedMembershipProvider abstract class inherits from the core ASP.NET MembershipProvider abstract base class.

When we are using ASP.NET WebPages, both of these new providers are registered as the default Membership and Role Providers. Microsoft also added a new WebSecurity class, which serves as a façade to SimpleMembershipProvider. It is a helper class designed to make some of the more common tasks easy when you are trying to secure your website. WebSecurity also contains APIs for some of the new functionality that has been added.

One of the biggest drawbacks of the ASP.NET membership provider has been the lack of control over the users table. The default provider in ASP.NET gave you some generic information and then the ability to store other information in a “blob”.

This worked out well if you were not trying to do anything complicated, but if you wanted to do something complicated it wasn’t that easy.

With SimpleMembership Microsoft decided that it was easier to allow the developer to have control of the users table and let SimpleMembership handle storing the authentication credentials. For example, you might already have a users table and want to integrate it with SimpleMembership.

All SimpleMembership requires is that there are two columns on your users table so that it can hook up to it: an “ID” column and a “username” column. The important part here is that they can be named whatever you want. For instance, the username doesn’t have to be an alias; it could be an email column. You just have to tell SimpleMembership to treat that column as the “username” used to log in.

Let’s see an example. I will be using the new SQL CE 4 Database Engine, so in WebMatrix let’s add a new database file (this can be done on the database manager tab) and name it, say, “Security.sdf”.

Now let’s add a new table called “Users” (you can call the tables and columns whatever you want). The only two columns you must have are an ID column and a username column; in this case I have used “UserID” and “Username”. You can also add any other columns for data you would like to store.

Now that we have created our users table we need to wire it up to SimpleMembership so that SimpleMembership knows what columns to use. Now let’s see a new feature of ASP.NET WebPages that you may or may not know about which is the start page. This is a specially named page that will get run the first time an application starts. So let’s create a page with the name “_start.cshtml” in your site, remove all the markup leaving only the code block at the top, and put the following code in that code block.

WebSecurity.InitializeDatabaseFile("Security.sdf", "Users", "UserID", "Username", true);

The parameters are, respectively, the name of the database file, the name of the table you are using for the users table, the name of the column being used for the ID, and the name of the column you are using for the username. The last parameter is a bool; true indicates that the user profile and membership tables should be created if they do not exist. These are tables that are used under the covers to make everything work, for instance the roles table.

Every table created by SimpleMembership will be prefixed with “webpages_” in the name. As a rule of thumb, if you find yourself manually querying one of the tables with “webpages_” in the name, there is probably a better API to be calling. Once you run your site for the first time, this call will cause SimpleMembership to create the tables we need.
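
As an added example (not code from the original article or from Microsoft's templates), here is how registration, sign-in and a role check can go through the WebSecurity and Roles APIs instead of the “webpages_” tables. It assumes the initialization call above has already run; the DisplayName column, the Member role and the lockout limits are hypothetical.

```csharp
using System.Web.Security;
using WebMatrix.WebData;

// Added example. Assumes WebSecurity has been initialized as shown above and
// that the Users table has a hypothetical "DisplayName" column.
public static class AccountService
{
    const string MemberRole = "Member";   // hypothetical role name
    const int MaxFailedAttempts = 5;      // assumed lockout policy
    const int LockoutSeconds = 300;       // assumed lockout window

    // Creates the row in your own Users table and the credential row that
    // SimpleMembership keeps in its webpages_ tables. Returns the confirmation
    // token to send to the user, or null if the name is already taken.
    public static string Register(string userName, string password, string displayName)
    {
        if (WebSecurity.UserExists(userName))
            return null;

        // The anonymous object fills extra columns of the Users table; the
        // password hash is stored by SimpleMembership, not in that table.
        // The final "true" requires a confirmation token before first login.
        string token = WebSecurity.CreateUserAndAccount(
            userName, password, new { DisplayName = displayName }, true);

        // Role membership goes through the Roles API rather than a manual
        // INSERT into a webpages_ table.
        if (!Roles.RoleExists(MemberRole))
            Roles.CreateRole(MemberRole);
        Roles.AddUserToRole(userName, MemberRole);
        return token;
    }

    // Checks the failed-attempt lockout explicitly before trying the password.
    public static bool SignIn(string userName, string password)
    {
        if (WebSecurity.UserExists(userName) &&
            WebSecurity.IsAccountLockedOut(userName, MaxFailedAttempts, LockoutSeconds))
            return false;
        return WebSecurity.Login(userName, password, false); // no persistent cookie
    }

    // Authorization check that never reads the webpages_ tables directly.
    public static bool CanSeeMemberPages()
    {
        return WebSecurity.IsAuthenticated &&
               Roles.IsUserInRole(WebSecurity.CurrentUserName, MemberRole);
    }
}
```

The account cannot log in until the returned token has been passed to WebSecurity.ConfirmAccount.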

 

Problems with ASP.NET Membership

ASP.NET Membership has the following issues:

  • Requires specific schema
  • Requires Full SQL Server for default cases
  • Custom Membership Providers have to work with a SQL-Server-centric API
  • Designed around a specific view of users, roles and profiles

SimpleMembership was designed to address the above problems:

  • Works with your Schema
  • Broaden database support to the whole SQL Server family
  • Easy to use with Entity Framework Code First

 

Remarks:

  • You can continue to use existing ASP.NET Role and Membership providers in ASP.NET 4.5 and ASP.NET MVC 4 – just not with the ASP.NET MVC 4 AccountController.
  • The existing ASP.NET Role and Membership provider system remains supported, as it is part of the ASP.NET core
  • ASP.NET 4.5 Web Forms does not use SimpleMembership; it implements OAuth on top of ASP.NET Membership
  • SimpleMembership has been designed as a replacement for the previous ASP.NET Role and Membership provider system
  • SimpleMembership integrates with the previous membership system, but you can’t use a MembershipProvider with SimpleMembership
  • The new ASP.NET MVC 4 Internet application template AccountController requires SimpleMembership and is not compatible with previous MembershipProvider.