ASP.NET Identity vs Simple membership Pros and Con

2019-01-16 16:27发布

问题:

In MVC4 we had Simple Membership. My opinion is that Simple Membership was a good Identity Model tried and tested with good documentation and didn't need to be fixed but simply needed an upgrade in terms of Email Verification/ Password Reset and all other stuff that we normally have to deal with when building an app. However the new ASP.NET Identity model seems achieve Something of sorts that Vista achieved over XP. I mean AspnetUserClaims and AspnetLogins could have been bunched together as UserAliases. And Microsoft should have provided some methods for the Email part of my babble. Having just discussed my opinion based on first looks which might be deceiving my question is

I am trying to decide whether I should move from Simple Membership to the new ASP.NET Identity but since documentation and tests of ASP.NET Identity model is sparse, conflicting and hard to locate using Google. So can someone with experience of both please summarize the pros and cons?

回答1:

@Roman references some good articles that looks at the pros and cons of ASP.NET Identity and the membership provider model.

ASP.NET Identity gets away from the membership provider model, which I believe is a good thing. There are some definite problems with Simple Membership when you wanted more advanced security features and if it was anything more than "simple" you ended up creating your own security solution. I am moving forward with ASP.NET Identity because it much more extensible than Simple Membership and although the documentation and support is weak right now I believe it will get better as it matures, just like Simple Membership did. If you can get past the growing pains I believe ASP.NET Identity will be a far better solution than Simple Membership was and I like the tight integration with OWIN, which will be important going forward. As for email verification with ASP.NET Identity, here is an article that describes how to implement this. You can get complete source code here. And the solution described here also provides password reset with ASP.NET Identity.



回答2:

As for me, they are all quite far from being perfect. Check these out:

  • The good, the bad and the ugly of ASP.NET Identity

  • Think twice about using MembershipProvider (and SimpleMembership).

So I prefer to use MembershipReboot.

EDIT: (May 2018). Brock Allen of MembershipReboot has the following, to say on the Project site.

As of 2017 MembershipReboot will no longer be maintained. It has served its purpose, and ASP.NET Identity has finally caught up (and surpassed) this library in terms of security and functionality. If you are interested in taking over maintenance, let me know.