In MVC4 we had Simple Membership. My opinion is that Simple Membership was a good Identity Model tried and tested with good documentation and didn't need to be fixed but simply needed an upgrade in terms of Email Verification/ Password Reset and all other stuff that we normally have to deal with when building an app. However the new ASP.NET Identity model seems achieve Something of sorts that Vista achieved over XP. I mean AspnetUserClaims
and AspnetLogins
could have been bunched together as UserAliases
. And Microsoft should have provided some methods for the Email part of my babble. Having just discussed my opinion based on first looks which might be deceiving my question is
I am trying to decide whether I should move from Simple Membership to the new ASP.NET Identity but since documentation and tests of ASP.NET Identity model is sparse, conflicting and hard to locate using Google. So can someone with experience of both please summarize the pros and cons?
The ASP.NET Identity is a fresh look at what the membership system should be when you are building modern applications for the web, phone or tablet. ASP.NET Identity allows you to add customized login/logout functionality and customized profile features that make it easy to customize the data about the logged-in user.
The ASP.NET membership provider is a feature that enables ASP.NET developers to create Web sites that allow users to create unique user name and password combinations. With this facility, any user can establish an account with the site, and sign in for exclusive access to the site and its services.
ASP.NET Identity is Microsoft's user management library for ASP.NET. It includes functionality such as password hashing, password validation, user storage, and claims management. It usually also comes with some basic authentication, bringing its own cookies and multi-factor authentication to the party.
@Roman references some good articles that looks at the pros and cons of ASP.NET Identity and the membership provider model.
ASP.NET Identity gets away from the membership provider model, which I believe is a good thing. There are some definite problems with Simple Membership when you wanted more advanced security features and if it was anything more than "simple" you ended up creating your own security solution. I am moving forward with ASP.NET Identity because it much more extensible than Simple Membership and although the documentation and support is weak right now I believe it will get better as it matures, just like Simple Membership did. If you can get past the growing pains I believe ASP.NET Identity will be a far better solution than Simple Membership was and I like the tight integration with OWIN
, which will be important going forward. As for email verification with ASP.NET Identity, here is an article that describes how to implement this. You can get complete source code here. And the solution described here also provides password reset with ASP.NET Identity.
As for me, they are all quite far from being perfect. Check these out:
The good, the bad and the ugly of ASP.NET Identity
Think twice about using MembershipProvider (and SimpleMembership).
So I prefer to use MembershipReboot.
EDIT: (May 2018). Brock Allen of MembershipReboot
has the following, to say on the Project site.
As of 2017 MembershipReboot will no longer be maintained. It has served its purpose, and ASP.NET Identity has finally caught up (and surpassed) this library in terms of security and functionality. If you are interested in taking over maintenance, let me know.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With