16

I am exploring the possibilities of ASP.NET MVC in the example webapplication of Visual Studio the WebMatrix.WebData.WebSecurity is used for Membership (creating accounts, and specify that a user is logged in to view a specific page etc.). But after some searching I found that there is also a System.Web.Security.FormsAuthentication class that can be used for Membership.

Does anybody know the differences/pro's and cons between these two classes? And when to use WebSecurity and when to use FormsAuthentication? (and maybe a clear example of FormsAuthentication)

Thanks in advance

mrtentje
  • 1,402
  • 2
  • 22
  • 43
  • 2
    Here is a Blog Post by Jon Galloway that may help clarify some of the benefits and tradeoffs in deciding between the two http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx – Jive Boogie Oct 01 '12 at 21:30

2 Answers2

16

WebSecurity was introduced in WebMatrix 2 and ASP.NET MVC 4. It relies on the SimpleMembershipProvider. Under the covers it uses FormsAuthentication to manage cookies. So I guess that if you are starting a new project you would opt for the new model if this model fits your needs. Bare in mind that the SimpleMembershipProvider exposes less functionality than the original provider.

The original membership provider uses the SqlMembershipProvider which in turn uses plain ADO.NET to query the database.

The SimpleMembershipProvider uses the new Database class introduced in WebMatrix to query the SQL database.

Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • 1
    So for a new ASP.NET MVC 4 application is doesn't matter which one will be used? – mrtentje Oct 01 '12 at 18:55
  • 3
    No, it doesn't really matter. The Internet Application Template uses WebSecurity by default. But personally I never use any templates. I create an empty application starting from scratch where I use whatever I want to use. – Darin Dimitrov Oct 01 '12 at 18:56
  • Thanks for your quick answer! (Just wondering) what do you prefer when you start from scratch? Do you use one of these (WebSecurity or FormsAuthentication) or do you create your own or another library? – mrtentje Oct 01 '12 at 19:01
  • That will depend on the project I am starting and the specific requirements. There's no general answer to this question. – Darin Dimitrov Oct 01 '12 at 19:01
  • _(Sorry for the curiosity)_ But can you give a (small) example where I can think about which requirement(s) for example? (The pro's and cons of WebSecurity vs. FormAuthentication) (I have seriuosly no idea how to make a decision based on requirements for this membership/authorization problem) Thanks in advance! – mrtentje Oct 01 '12 at 19:40
  • WebMatrix.WebData.WebSecurity is a facade over SimpleMembershipProvider and uses FormsAuthentication. WebSecurity Source Code: http://aspnetwebstack.codeplex.com/SourceControl/changeset/view/854bcdb520dc#src/WebMatrix.WebData/WebSecurity.cs – Aaron Hoffman Mar 06 '13 at 23:04
  • so given that this method queries the database, I guess it's only MS SQL Server compatible? – knocte Apr 17 '14 at 19:15
8

The main differences between old ASP.NET Membership provider and SimpleMembershipProvider are explained in this good article - http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx

It is better to use SimpleMembershipProvider (WebMatrix.WebData.WebSecurity) than old ASP.NET Membership Provider (or Universal Providers)

Sergey
  • 1,075
  • 14
  • 20
  • man the link you shared was awesome, it has every thing for beginners to take a start from.I would recommend all to read this reference link. Thanks again @Sergey – Malik Khalil Dec 18 '16 at 19:52