Membership

When first released as part of ASP.NET 2.0 in 2007, the original ASP.NET Membership provider was immensely useful for user and role management. Over time, however, it's started to sport some gray hairs and show its age. It doesn't support certain workflows that modern websites use. For example, when a user forgets his or her password, it's customary that a website sends an e-mail that contains a URL to click on. The URL contains a confirmation token that expires after some interval. The user clicks on the URL to access a page that allows the user to change his or her password. That workflow is difficult to implement with standard Membership.

Another limitation of Membership is the challenge of integrating it with other authentication systems and your own user data. Fortunately, the ASP.NET team addressed many of these issues with the new SimpleMembership feature.

Originally written for ASP.NET Web Pages, the ASP.NET team incorporated SimpleMembership into ASP.NET MVC 4. SimpleMembership is more like a library than a framework. Define your Users table however you see fit and let SimpleMembership handle the credentials. All you need to do is tell SimpleMembership how to match the user in your database with a set of credentials by providing the table name and the username/e-mail column.

The approach taken with SimpleMembership is to provide a library of methods for securely storing passwords, integrating with other authentication providers, etc. This means that features ...