Simplemembership implementing anonymous users method

Question

Jon Galloway has an overview - http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx - of the new membership features in ASP.NET MVC 4. The Internet project template moves away from the core membership providers of ASP.NET and into the world of SimpleMembershipProvider and OAuth.

Refering to simplemembership, does anyone know if its possible to extend it using open source http://aspnetwebstack.codeplex.com/ in order to be able to allow anonymous users stored in database - probably in userprofile table?

I checked the http://msdn.microsoft.com/en-us/library/webmatrix.webdata.simplemembershipprovider simplemembership provider class but its methods have no reference to anonymous identifications.

If its not possible, does anyone have information about building an ExtendedMembershipProvider to do that?. brgds!

UPDATED INFO: from pro.asp.netmvc3 book. regarding authentication authorization-

Enabling Anonymous Profiles: By default, profile data is available only for authenticated users, and an exception will be thrown if we attempt to write profile properties when the current user hasn’t logged in. We can change this by enabling support for anonymous profiles, as shown in Listing 22-17. When anonymous identification is enabled, the ASP.NET framework will track anonymous users by giving them a cookie called .ASPXANONYMOUS that expires after 10,000 minutes (that’s around 70 days). We can enable anonymous support for profile properties by setting the allowAnonymous attribute to true; in the listing we have enabled anonymous support for the Name and City properties. Enabling anonymous profiles makes it possible to read and write profile data for unauthenticated users, but beware, every unauthenticated visitor will automatically create a user account in the profile database.

I Would like to replicate this in simplemembership. I dont want to use old profile system bbecause its store values in blob. brgds!.

**Update: listing 22-17: Listing 22-17. Enabling Support for Anonymous Profiles

<configuration>
<system.web>
<anonymousIdentification enabled="true"/>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider"
type="System.Web.Profile.SqlProfileProvider"
connectionStringName="ApplicationServices"
applicationName="/" />
</providers>
<properties>
<add name="Name" type="String" allowAnonymous="true"/>
<group name="Address">
<add name="Street" type="String"/>
<add name="City" type="String" allowAnonymous="true"/>
<add name="ZipCode" type="String"/>
<add name="State" type="String"/>
</group>
</properties>
</profile>
</system.web>
</configuration>

When anonymous identification is enabled, the ASP.NET framework will track anonymous users by giving them a cookie called .ASPXANONYMOUS that expires after 10,000 minutes (that’s around 70 days). We can enable anonymous support for profile properties by setting the allowAnonymous attribute to true; in the listing we have enabled anonymous support for the Name and City properties.**

Answer 1

I think the scenario you are describing is one where a user registers with the application but maybe they are not confirmed, completed their profile, or some other criteria; and until the time they complete these requirements they are considered anonymous users which have limited access to the application. I am assuming the user has some minimum information entered to identify the user, such as a user name and password.

Probably the easiest way to handle this is to have an "anonymous" role that all new users are automatically assigned to. Now you can use the basic forms authentication methods to restrict access to controllers/actions using the AuthorizeAttribute. Once the user has completed the criteria for not being anonymous you can switch their role or just add a new one that gives them full access.

If the users are truly anonymous and you have no way to identify them you would still use role based authorization and forms base authentication to give restricted access by decorating controllers/actions with the AllowAnonymousAttribute for areas you want to allow access.

Updated Answer Based on Updated Question

Take a look at the answer in this ASP.NET Forum. Basically what it is saying is that you can achieve your objective by managing your own cookies and your own database schema, but it will not work as part of the SimpleMembership provider.