What is the difference between Simple Membership and Membership in asp.net? Is Simple Membership introduced in mvc 4.0?
ASP.NET membership was the traditional approach for authentication, authorization from the microsoft team.But, with the release of mvc 4, they introduced new improved version with name Simple Membership.Simple membership relies on Extended Membership Provider
Behind the scenes, the SimpleMembershipProvider and the ExtendedMembershipProvider, as well as DotNetOpenAuth are all at work.
These changes was the need, because many web sites no longer want to store user credentials locally. Instead, they want to use OAuth and OpenID so someone else is responsible for keeping passwords safe, and people coming to the site have one less password to invent (or one less place to share an existing password). With these changes it is easy to authenticate a user via Facebook, Twitter, Microsoft, or Google. All you need to do is plugin the right keys.
Summary:
1)SimpleMembership has been designed as a replacement for the previous ASP.NET Role and Membership provider system.
2)SimpleMembership solves common problems developers ran into with the Membership provider system and was designed for modern user / membership / storage needs.
3)SimpleMembership integrates with the previous membership system, but you can't use a MembershipProvider with SimpleMembership.
4)The new ASP.NET MVC 4 Internet application template AccountController requires SimpleMembership and is not compatible with previous MembershipProviders.
5)You can continue to use existing ASP.NET Role and Membership providers in ASP.NET 4.5 and ASP.NET MVC 4 - just not with the ASP.NET MVC 4 AccountController.
6)The existing ASP.NET Role and Membership provider system remains supported, as it is part of the ASP.NET core.
7)ASP.NET 4.5 Web Forms does not use SimpleMembership; it implements OAuth on top of ASP.NET Membership.
Hope, you got the clear concept of your question.
Related
Regarding ASP.NET Identity: how often is ASP.NET Identity used in real situation website projects?
We were only taught this in our studies and was wondering is there anything other options other any ASP.NET Identity when using Visual Studio and that is better.
Asp.Net Identity is the latest library by Microsoft and before it, we have been using Asp.Net Membership Provider and Web Security.
Since Asp.Net identity is built on OWIN, and working nice with Asp.Net Core, I don't see any other option to be used or offered by Microsoft.
You can use it for Forms Authentication, OAuth, Integration with Most of Social Identity Provider and Azure Active Directory.
I would say, it is the way to go
You can use MembershipReboot too, it is also good library for authentication in ASP.NET.
link: https://github.com/brockallen/BrockAllen.MembershipReboot
I have started to create ASP.NET membership for learning basis but i found new ASP.NET Identity. Some people suggested that latter is advanced than ASP.NET membership and ASP.NET simple membership.
I have read the comparison from this source. But still i have some questions because i some things are still unclear to me.
Can i use owin and oauth with ASP.NET membership and simple membership?
how i can authenticate web api with ASP.NET membership and simple membership?
Can i customize tables for profile, user and role in ASP.NET Identity?
Please suggest. If any one can suggest me a good reference for authorization and authentication of web API and ASP.NET Identity configuration, it would be great.
ASP.NET Identity is now a mature technology and it's complex enough to accommodate all your requirements.
More than so, there is even a better solution, it's called ASP.NET Identity Server and comes with couple things extra:
Can be used with Identity
Implements SSO (Single Sign-On)
Can be used with Entity Framework
It's a self host product
So to answer you're questions:
No, you cannot use both Identity and Simple Membership.
Using ASP.NET Identity Server, via a token.
You can customize the tables to meet you requirements.
Here is the official documentation for the Identity Server.
I already have a big ASP.Net project in which all user management is donde through the use of Membership and Forms Authentication. I would wish to move everything to the new ASP.Net identity + OWIN, yet I have no clue about how to do it.
All examples I've seen so far regard the use of Entity Framework, but I'm not using it since I already have a built big database.
Can anyone point me to some resources or how I can move from legacy Forms Authentication to OWIN + ASP.Net identity?
Thank you.
I have an application running ASP.NET on 3.0 framework that uses form authentication. I am now building and MVC 4 application that also uses forms authentication and I would like to share authentication between the two apps. I have both config files matching for the auth tag and exact machine key tags. I think my problem is that the ASP.NET application uses the old ASP membership provider which has the user passwords in MD5 format, and the MVC application is using simple membership, password format SHA1.
Is there a way to share user authentication between the two apps even with different credentials(password formats)?
For the main app that authenticates in the forms tag I have this
<credentials passwordFormat="MD5"/>
I am not really sure if this is my issue or what's going on.
Well figured out my answer. All I had to do was add in the tag was the attribute compatibilityMode="Framework20SP2".
This was due to the fact my ASP.NET app was running on the older framework and my new MVC app was on framework 4.0
Your options are pretty much:
Write your own ASP.Net 2.0 MembershipProvider to use the PBKDF2 algorithm to store passwords (Resetting everyone's passwords will be required).
You don't get to override SimpleMembershipProviders storage of passwords (that I know of) so you'll have to writing your own ExtendedMembershipProvider to duplicate the ASP.Net 2.0 security mechanisms in the default MembershipProvider.
As a side note, MD5 is (in my opinion) a terrible algorithm to store passwords. At this point from what I've read bcrypt or PBKDF2 is recommended by most security experts.
If you're interested on the changes Microsoft made to increase security in .Net releases the article Stronger Password Hashing in .NET with Microsoft’s Universal Providers is a good read.
I'm somewhat confused by membership providers for .NET. I have built a MVC 3 web application, but obviously login pages don't work out-of-the-box because I need to wire up a membership provider. I would have expected this process to be easy, but when I search for help I find numerous articles on writing custom providers. Can't I just set up a table or two, wire up a few details in web.config and have things work based on some default MVC membership provider?
I have no desire to re-invent the wheel!
TIA.
The MSDN membership installation documentation is still applicable through to .NET 4, although note that the default Membership provider changes in 4.5 - totally different table structures.
TL;DR
Create the aspnet membership database OR add the tables to your existing database (aspnet_regsql.exe, which is in the .net 2 framework folder)
Add the necessary membership and role provider configuration sections to your web.config.
Use the site admin tool to add users (or at least an initial Admin User)