To understand SimpleMembership and how it has evolved from, and depends on, the previous Membership implementation, I recommmend reading the original reference "Using SimpleMembership With ASP.NET WebPages (Matthew Osborn)", and my more detailed answer to "What is MVC4 security all about?" to understand it better. To summarise those references:
- SimpleMembership
- is a term that covers both the
SimpleMembershipProvider
and theSimpleRoleProvider
- is a storage and functionality provider that is used with Forms Authentication
- works within ASP.NET Forms and ASP.NET MVC websites, and can also be used within ASP.NET Web API and SignalR, to provide a unified authentication and authorisation model
- is a term that covers both the
SimpleMembershipProvider
- adds new features to the original MembershipProvider through the
ExtendedMembershipProvider
abstract base class, such as integration with OAuth providers out of the box - creates 4 default tables which you don't/shouldn't interact with (
webpages_Membership
,webpages_OAuthMembership
,webpages_Roles
,webpages_UsersInRoles
) and one (UserProfile
) which is yours to structure as you wish - works with the
WebSecurity
helper class to add new functionality - Moves from the "user profile" stored in a single xml field in the original Membership, to a more manageable property-per-column in the new
UserProfile
table (which is fully customisable using EF)
- adds new features to the original MembershipProvider through the
To answer your specific questions:
1) I use stored procedures for all database actions I don't use EF at all. If I use SimpleMembership is it possible to use it without EF?
You would not generally interact directly with the tables prefixed with webpages_
as there are API level functions in Membership
, WebSecurity
etc. to do all the business functions you require. However there is nothing to stop you interacting with UserProfile
through stored procedures, and if you didn't want to take advantage of the APIs, you could even interact with the webpages_
tables through sprocs as well (but you would just be duplicating all the benefits of SimpleMembership if you did).
2) Do I need to build custom SimpleMembership for real world application?
That very much depends on what you want to do, but as yet I have not had to do this for any real world applications. I have built on and added to the existing APIs, but not replaced them.
3) I saw that it seeds database Create tables. I have my tables Users, Profiles, Roles and UsersInRoles can I apply it to my custom schema?
If you were migrating to SimpleMembership you would have to port the data in these to the tables webpages_Membership
, webpages_OAuthMembership
, webpages_Roles
, webpages_UsersInRoles
and UserProfile
. However, note that UserProfile
can be called anything you want, you don't have to call it UserProfile
.
4) If I want to call WebSecurity.CreateAccount(...) and I want to call some my custom method from domain project that is responsible to call stored procedure that create user do I have to make it custom and if I have to do that is there some resource that explain how to make it custom for users and roles?
Its a little hard to understand your requirement, however WebSecurity.CreateAccount
does the following:
- Creates a record in
webpages_Membership
and - optionally adds properties to
UserProfile
if you useWebSecurity.CreateUserAndAccount
If you wanted to do other actions across your database you would then need to call that after your call to WebSecurity.CreateAccount
. You can make this transactional by using TransactionScope
If however you wanted to wrap this all in a single call to WebSecurity.CreateAccount
and make it call your own domain methods and stored procedures you will have to create your own provider by inheriting from SimpleMembershipProvider
(or from ExtendedMembershipProvider
). When WebSecurity.CreateAccount
then calls ExtendedMembershipProvider.CreateAccount
it will defer to your custom logic
Summary
So would I migrate? The benefits of SimpleMembership are meant to be:
- UserProfile: property-per-column storage of user data that plays well with EF or any other db development method
- Integration with OAuth, allowing you to use Google, Facebook etc. authentication with very little effort
- High level business function APIs in the form of
WebSecurity
, and continued support of existing features withMembership
- Continued support for Roles that works with the
Authorize
attribute - Integration with EF so that you can use UserProfile along with your own tables
- Integration with standard Forms Authentication for ASP.NET Forms and MVC, and also with SignalR and Web API.
If those help you out, then migrate, otherwise spend your dev time on new features for your application.
If you do decide to migrate, then "Migrating Legacy Apps to the New SimpleMembership Provider (Paul Brown)" is useful, which is summarised as:
- Modify
UserProfile
to have a field per property for your old user profile properties that were stored in xml - Migrate your data from the
aspnet_
tables to thewebpages_
tables - The first time each user logs in again, update their stored password to use the new hash model instead of the old
Membership
one (see the footnote to my answer here for how to do this)