Showing posts from April, 2013

Using Code-First Migration With SimpleMembership

In previous posts I have written about customizing and seeding SimpleMembership, the newest membership provider used in ASP.NET MVC 4 Internet applications. In the example in this previous post we set up a database initializer that can be set to a type of either DropCreateDatabaseAlways or DropCreateDatabaseIfModelChanges. As the name implies, DropCreateDatabaseAlways will drop the database and recreate it every time the initializer is called, which is at application start, and will run the method to seed the database after creation. DropCreateDatabaseIfModelChanges differs in that it will only recreate the database if the database model changes in your code. Both of these approaches work great during development and unit testing, but you would not want to deploy the solution this way for production. This is where code-first migration comes in.

Code-first migration allows you to update the database without having to recreate it and therefore losing the data that is already in the …

Using SimpleMembership With Mobile Applications In ASP.NET MVC 4

Someone recently asked on StackOverflow if you can use the SimpleMembership provider in a mobile application generated by the mobile template for ASP.NET MVC 4. The shell of the mobile application generated by this template includes basic security features, such as logging in, logging out, registration and password reset, but it uses the older ASP.NET membership and role providers. So I thought this would be a good exercise to see if I could use the open source project SimpleSecurity to switch the mobile application to use the SimpleMembershipProvider. SimpleSecurity helps decouple SimpleMembership from an MVC application. It turns out that it was quite easy to add SimpleMembership to an ASP.NET MVC mobile application when using SimpleSecurity.

First add the SimpleSecurity assembly as a reference in your mobile project. You will also need to add WebMatrix.Data and WebMatrix.WebData as references. In the properties for these two assemblies set the property Copy Local to true.

Next modify yo…

Password Reset with SimpleMembership

SimpleMembership is the new security provider that is bundled with ASP.NET MVC 4 when you use the Internet Template to create a new application. In this article I will demonstrate how to add password reset to your MVC application using SimpleMembership. For this demonstration I will use SimpleSecurity, an open source project that decouples SimpleMembership from your MVC application. The concepts in this article still apply if you do not use SimpleSecurity and you just want to use SimpleMembership directly.

The basic steps for changing a password when using SimpleMembership are to first generate a unique token that is emailed to the user as a link. Then the user clicks on the link, passing the token in the query string. The user is presented with a web page to enter the new password, and when they submit it the token is verified and, if it passes, the new password is updated in the user's membership information. This method of password reset is very flexible since it can be used to just chan…

Retrieving Confirmation Token in SimpleMembership

A reader commented on my blog "Adding Email Confirmation to SimpleMembership" that they would like the ability to resend the email confirmation to users that did not receive it for whatever reason. This seemed like a reasonable request and it is actually asked a lot on various forums. The problem is that WebMatrix.WebData.WebSecurity does not provide a method to retrieve the confirmation token so that you can resend the email. The token is only provided when you call CreateUserAndAccount and set requireConfirmationToken to true. It turns out the only way to get the confirmation token in SimpleMembership is to directly query the webpages_Membership table. I have encapsulated this functionality in the open source project called SimpleSecurity.

SimpleSecurity encapsulates WebSecurity and adds missing features like getting the confirmation token. It also decouples the security model from the ASP.NET MVC framework.  Now you can just call SimpleSecurity.WebSecurity.GetConfirm…