Monday, September 24, 2012

Visual Studio 2012 uses SimpleMembership as its new Membership Provider

Simplified approach to implementing Forms Authentication in MVC 4 Web-apps in VS 2012

(This is the 1st of a 3-article series, on using SimpleMembership along with customized fields)
Article 1: This article

Feature highlights

  • Schema gets built directly - no more aspnet_regsql.exe (or  aspnet_regsqlazure) needed;
  • Much simplified as compared to the earlier membership provider;
  • Usable both for SQL Azure as well as on-premises databases;
  • Supports OAuth/OpenID, to authenticate users through Facebook, Google etc.
  • Easy customization: Adding custom fields to your MVC 4 Registration System

The most interesting details of SimpleMembership

Visual Studio 2012, launched August 15th, uses the new (and very appropriately named) SimpleMembership as its default forms-authentication membership provider for MVC 4 Web Applications, replacing the ASP.NET Membership Provider that all of us have been using for many years. This is a very welcome change. Some of the most interesting changes that we see immediately in this are:

  • Highly simplified database schema - has just 5 tables, no Views, and no stored procedures.
  • Does not use the aspnet_regsql.exe command line tool to generate the schema. Rather, the tables are generated automatically the first time you add a user into the system (through your application). The database used is whatever you set in the connection string in your web.config file.
  • The same approach can be used to create the Membership system in Windows Azure, simply by giving the correct connection string in web.config. Since there are no stored procedures and Views to worry about, the system is just a set of tables that is easily synchronizable between your SQL Azure database and your on-premises database.
  • Another plus for Azure users: now you don't have to worry about the aspnet_regsqlazure tool any more, because the tables are generated by the new system itself.
  • The UserId is now an int column, not a Guid that was used in the previous ASP.NET Membership system. This simplifies the system even more, and reduces space requirement a bit. Please note, however, that you may have to pay attention to this if you need to merge data from 2 separate implementations of the SimpleMembership provider, else there may be key duplication conflicts.
  • Supports user authentication through their Facebook, Google, Microsoft Live, Twitter etc accounts, by simple changes in the AuthConfig.cs file in your project (for details, please visit: OAuth/OpenID Support for WebForms, MVC and WebPages).

A quick VS 2012 web project to check out SimpleMembership

    1. Create a new ASP.NET MVC 4 Web Application, and call it, say, SimpleMembershipTest.

      2. On the next screen, select Internet Application, and create your new project.

      3. Once the new project is created, it's a good idea to update all your NuGet packages - do this by clicking on Tools \ Library Package Manager \ Manage NuGet Packages for Solution, and then selecting Updates > All. Update each of them one by one by clicking on the Update button. (Note - all the DotNetOpenAuth packages will get updated when you simply update the first one.)

      4. In the new project's web.config file, change the connection string for DefaultConnection reflect your server, database and relevant db user info. If you specify the "sa" user, even the database itself can be created by your app, however this obviously does not represent best practices.

      5. Now press F5 or Ctrl-F5 to run the app, and click the Register button - specify a new user id and password and voila! Your new database schema gets created, along with a data row for the new user! And do notice that it's very lightweight - no SPs and no Views

      6. Select data rows from the tables, and you'll see the new user has been created there.

      Happy coding!

      (This is the 1st of a 3-article series, on using SimpleMembership along with customized fields)
      Article 1: This article


      1. How does this relate with Forms Authentication? Does the SimpleMembership provider already take care of it?

        1. Yes, SimpleMembership is the new Forms Authentication provider, completely replacing the original aspnetdb provider.

      2. Nice post.. I was working on new website in VS 2012 and noticed that ASPNET database has been overly simplified :) I did a quick google search and landed in your blog.

        1. Thanks, Eyad. Yes, the SimpleMembership provider system is a tremendous simplification of the original system. It's a really good thing of course, considering the original ASPNETDB system was almost a decade old technology.

          Additionally, SimpleMembership works straight out of the box on SQL Azure also, thereby removing another impediment that ASPNETDB faced.

      3. Hi,
        After updating all the files I have this error when I load the project.
        Could not load file or assembly 'WebGrease' or one of its dependencies. Strong name signature could not be verified. The assembly may have been tampered with, or it was delay signed but not fully signed with the correct private key. (Exception from HRESULT: 0x80131045).
        Can you please help me

      4. Hi ,

        after do all the stape , i publish my application in my iis server. but all the client in the same rang IP can not add the new user in my application (i use membership for connexion) because she can not access to my data base.

        can some body can help me? i don't speak very well english