When we choose New Project --> MVC 4 --> Internet Application, it will automatically generate AccountController for us. In this controller, I only care about 2 actions, Login and Register.

In MVC 3, it uses Membership's static methods, ValidateUserin Login action and CreateUser in Register. So, if I want to integrate it with my own database, I just need create CustomMembershipProvider by extending MembershipProvider and override that two methods.

But in MVC 4, it uses WebSecurity.Login and WebSecurity.CreateUserAndAccount. My questions are:

1. How can I make it use my own database like I did in MVC 3?
2. What's the different? Why doesn't it keep using static Membership methods? Why does it have to change to WebSecurity?

Thanks so much for your help.

You will need to implement you own Membership and Role providers.

Custom Provider:

namespace MyApp.Helpers
{
    public class CustomProviderProvider : SimpleMembershipProvider
    {
        public override MembershipUser GetUser(string username, bool userIsOnline)
        {
            return base.GetUser(username, userIsOnline);
        }

        public override bool ValidateUser(string username, string password)
        {
            return true; // base.ValidateUser(username, password);
        }
    }
}

You will just need to override the methods you want to "intercept" (ie ValidateUser). You will also need to register the provider in the web.config file:

<system.web>
    <membership defaultProvider="CustomMembershipProvider">
      <providers>
        <clear/>
        <add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
        <add name="CustomMembershipProvider" type="MyApp.Helpers.CustomMembershipProvider, MyApp" />
      </providers>
    </membership>
</system.web>

You should also have a Filter called "InitializeSimpleMembershipAttribute"

namespace CustomPortal.Filters
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
    public sealed class InitializeSimpleMembershipAttribute : ActionFilterAttribute
    {
        private static SimpleMembershipInitializer _initializer;
        private static object _initializerLock = new object();
        private static bool _isInitialized;

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Ensure ASP.NET Simple Membership is initialized only once per app start
            LazyInitializer.EnsureInitialized(ref _initializer, ref _isInitialized, ref _initializerLock);
        }

        private class SimpleMembershipInitializer
        {
            public SimpleMembershipInitializer()
            {
                Database.SetInitializer<CustomPortalContext>(null);

                try
                {
                    using (var context = new CustomPortalContext())
                    {
                        if (!context.Database.Exists())
                        {
                            // Create the SimpleMembership database without Entity Framework migration schema
                            ((IObjectContextAdapter)context).ObjectContext.CreateDatabase();
                        }
                    }
//Here is where you give it your connection string name
                    WebSecurity.InitializeDatabaseConnection("CustomPortal", "UserProfile", "UserId", "EmailAddress", autoCreateTables: true);
                }
                catch (Exception ex)
                {
                    throw new InvalidOperationException("The ASP.NET Simple Membership database could not be initialized. For more information, please see http://go.microsoft.com/fwlink/?LinkId=256588", ex);
                }
            }
        }
    }
}

I hope this helps...

ASP.NET MVC 4 uses a new membership provider called SimpleMembershipProvider. WebMatrix is a facade over SimpleMembershipProvider. There is no longer a need to modify the config file with ASP.NET MVC 4. More info here: http://aaron-hoffman.blogspot.com/2013/02/aspnet-mvc-4-membership-users-passwords.html

1.How can I make it use my own database like I did in MVC 3?

A: No need to override SimpleMembershipProvider if you want to roll your own. Remove the reference to the InitializeSimpleMembershipAttribute in the AccountController class and modify the methods in the AccountController class.

2.What's the different? Why doesn't it keep using static Membership methods? Why does it have to change to WebSecurity?

A: ASP.NET MVC 4 Now uses a new membership provider: SimpleMembershipProvider.