Support for SimpleMembershipProvider

Vote:
 

Microsoft wants to deprecate the old MembershipProvider which had a very SQL-centric API that they don't like anymore.

The replacement is called SimpleMembershipProvider, here's a nice blog post about it straight from the horse's mouth: http://weblogs.asp.net/jongalloway/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.

Unfortunately this new provider throws NotSupportedException on a lot of the old methods. Unfortunately both EPiServer CMS and EPiServer Commerce relies quite heavily on these. It would be nice if it worked even though they're still not implemented.

We are already running the SimpleMembershipProvider, but I've had to extend it and manually override and implement a lot of these methods to make EPiServer work and even allow user searching and editing from within the admin interface.

I don't like this solution at all though because these overrides need custom implementation for also accessing the same SQL tables as the standard SimpleMembershipProvider, opening connections and so forth. If EPiServer instead catched the NotSupported exceptions from the provider and ignored them and maybe tries to use another method that is supported with the new provider I wouldn't have to extend the SimpleMembershipProvider in order to use it and I could throw away a lot of old and ugly code I've had to write to work around this problem.

We've just started using commerce as well and I just found out today that EPiServer Commerce Manager uses some more methods that I never had to provide implementations for for using just CMS.

Specifically it failed right at login because setting the ApplicationName is not supported anymore. In order to get EPiServer Commerce to work with SimpleMembershipProvider and SimpleRoleProvider I had to extend the SimpleRoleProvider as well, creating even more unecessary code:

public class PiabRoleProvider : SimpleRoleProvider
{
    public override string ApplicationName { get; set; }
}

I also had to add this additional override to my already extended SimpleMembershipProvider (which has considerably more nasty overrides).

Now I can sign in to EPiServer Commerce with all accounts that are administrators instead of only admin/store, but for some reason the customer management section is now missing completely:

Commerce manager bug

I have no idea why this happens but I suspect it's also because of NotSupportedExceptions.

The site has been running for quite a while with the front end site using my custom SimpleMembershipProvider but the Commerce manager was still using the standard providers. With that setup I could log in to the manager only with admin/store and I could manage customers in there. (For some reason all our 1000+ users seem to automatically have been migrated to Commerce Customers, what causes that is an entirely different question though...)

#141381
Nov 13, 2015 13:32
Vote:
 

Thanks for the feedback. SimpleMembershipProvider never got any traction in the community and was replaced just a year later with ASP.NET Identity.

#141385
Nov 13, 2015 14:51
Vote:
 

Oh ok, I didn't know that. Thanks for the info. The reason I started messing with SimpleMembershipProvider about two years ago I think was because we were thinking about allowing social media logins on our new site.

The idea of social media logins was scrapped though so we actually don't have a need for the SimpleMembershipProvider anymore. I guess what I could do as well is try to migrate all of our existing users to another provider that is fully supported.

Migrating to ASP.NET Identity seems possible, I found this: http://stackoverflow.com/questions/30533784/how-to-migrate-from-simplemembership-to-asp-net-identity

But will that work better with EPiServer, do you support ASP.NET Identity?

Or will I have to "downgrade" back to the standard provider used by EPiServer again? Doing this without losing any user data like the hashed passwords doesn't sound all that easy to me.

#141387
Nov 13, 2015 15:08
Vote:
 

EPiServer supports that you can disable the membership system all together so that you can provide whatever authentication you want. See for example: http://world.episerver.com/documentation/Items/Developers-Guide/EPiServer-CMS/9/Security/aspnet-identity-owin-authentication/

Disabling the membership system will disable the admin UI for editing users and you need to provide a custom login page etc. To make sure users and groups can be read you need to provide a security entity provider, should work with SimpleMembership as well. This blog has an example security entity provider: http://sveinaandahl.blogspot.no/2015/11/how-to-fix-roles-in-episerver-when.html

#141391
Nov 13, 2015 16:15
Vote:
 

Thanks a lot for all the good answers Per. It turns out I'm probably fine still using my extended SimpleMembershipProvider together with the new very small extended SimpleRoleProvider I posted above for EPiServer Commerce manager.

The only reason all the management buttons disappeared inside commerce manager once I swapped providers there as well turned out to be because my other user wasn't in the "Administrators" group like the old "admin" user was.

It seems like the last thing you posted there could allow me to write more code to reconfigure EPiServer CMS to handle a standard SimpleMembershipProvider which could be interesting as well. The option to disable all of that completely is very nice that we have as well.

But right now it actually seems like all the standard tools for managing users in both EPiServer CMS and Commerce manager are actually working with my current solution. So for now I don't think I'll have to do any migration or refactoring for this.

If anyone else ever wants to do this for some reason, it seems possible to make it work smoothly with all standard EPiServer functionality as long as you override:

public override string ApplicationName { get; set; }
public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
public override MembershipUser GetUser(string username, bool userIsOnline)
public override void UpdateUser(MembershipUser user)


That is code I would like to throw away though but as long as it works with both EPiServer CMS, Commerce and Commerce manager I'll just keep it. It's not too bad as long as it works.

But this feature request is probably not all that interesting for many since SimpleMembership is no longer the future standard provider for ASP.NET MVC and since it also has several workarounds to use it anyways.

#141443
Nov 16, 2015 11:01
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.