Last post Oct 22, 2013 10:42 AM by TheNutCracker
Oct 22, 2013 06:29 AM|TheNutCracker|LINK
I've read a few generic tidbits that Microsoft has been passing out like treats for a dog but I don't see anything that explains the purpose/reasoning/design philosophy for why this namespace was created, whether or not I should migrate to using it immediately
versus the old System.Web.Security.Membership namespace, whether the old namespace has any potential for being deprecated.
I like treats but where is the main course for this new namespace. Can somebody post some links to some blogs that explain things like the pros/cons of the old and new Membership systems? I am taking a wild guess here and thinking that the new Microsoft.AspNet.Identity
namespace was created primarily to allow external logins to be possible. But I thought that was already possible using OpenAuth or some other such stuff. I don't have much experience in exploring external login namespaces. I've always used the "Indvidual User
Account" .MDF database system.
It's something I want to explore and use if I can see its worth and its purpose. Sometimes I wonder if Microsoft makes up this stuff just to sell a new version of Visual Studio every year. That's the cynic in me. So, anyone who can post links about the purpose
and design philosphy behind this that would be great.
Thanks for reading.
Oct 22, 2013 07:38 AM|bbcompent1|LINK
Apparently, it has some major advantages over the previous identity methods:
Following are some of the feature of the ASP.NET Identity system
Oct 22, 2013 07:40 AM|bbcompent1|LINK
I am taking a wild guess here and thinking that the new Microsoft.AspNet.Identity namespace was created primarily to allow external logins to be possible. But I thought that was already possible using OpenAuth or some other such stuff. I don't have much experience
in exploring external login namespaces. I've always used the "Indvidual User Account" .MDF database system.
OpenAuth would of course work but the advantage here is you wouldn't need to use a third-party package to implement it from what I can theorize about it.
Oct 22, 2013 07:50 AM|bbcompent1|LINK
Here is some more information about it and the author seems to support reasons to make the switch.
"The new identity system is based on OWIN, the Open Web Interface for .NET. OWIN is an extensible middleware layer that lets you plug into an authentication pipeline. That's a topic for another
article -- more like a series of articles -- but it's a technology that developers in the Microsoft web space will want to learn more about. It's already integrated into some of the latest tool and technologies surrounding Visual Studio 2012."
Oct 22, 2013 08:14 AM|BrockAllen|LINK
Many of those write ups are high level overviews. I dug into the framework and did a bit of a deeper article on it:
I think this should give you the info you're looking for.
Oct 22, 2013 08:19 AM|TheNutCracker|LINK
The first 5 bullet points you posted/quoted seem redundant to me. Can you not do all those 5 things with the old System.Web.Security.Membership namespace? Come on. I am willing to give these stuff the benefit of the doubt but I am just not seeing it yet
except for the last 2 points.
Seriously, a bullet called 'Persistence Control''. Isn't that the primary purpose of using a database? LOL. I think Microsoft are marketing geniuses. They keep reinventing the wheel every year by giving it a different coat of paint and a new name. If theres
a 'new and improved' sticker on it, I think people will buy it. And Microsoft knows this better than anyone.
Thanks for your posts. I think it's gonna take me a little more time to research this stuff and see if there is any justification for this or not. Obviously, there is justification but I am not sure how much.
I am thinking I need to purchase a book on OpenAuth or something of that nature.
I've always been cautious about logging into multiple websites with just one account myself. It would create a rather pretty picture for the NSA I am sure. I wonder how most people feel about this.
Oct 22, 2013 08:29 AM|BrockAllen|LINK
@TheNutCracker -- seriously, go read the post I linked :)
Oct 22, 2013 08:30 AM|bbcompent1|LINK
I happen to subscribe to the golden rule of development, "If it isn't broke, don't fix it." Generally, whenever I have tried to implement some shiny new MS implementation, I almost always run into compatibility issues and recoding. So, unless my boss mandates
it or there is a real business case for using the "new" interface, I generally will not do that with existing systems. Perhaps if I am developing a new system, I might try the shiny new thing but I say leave your legacy systems alone unless you really need
to do it. Just my two cents worth.
Oct 22, 2013 08:37 AM|TheNutCracker|LINK
I am simply looking at this situation from the perspective of what it would add to my websites. Is it something really cool that would make my website more appealing to a lot of people. Or is it just a select group of people who would actually use the technology.
The only justification I see with migrating to the new Membership system is the OpenAuth type functionality. And my question at this stage of the game is, how popular is the ability to be able to log into multiple websites with a single user account? With
the revelations about the NSA spying on everything we do it gives me reservations personally. But maybe I am more conservative than most people are today.
I guess I need to start from the very beginning with this external login design philosophy. One more area of technology to explore. There's never a shortage it seems.
Oct 22, 2013 10:11 AM|BrockAllen|LINK
A few more things to keep in mind:
- The ASP.NET Identity is essentialy just the code to manage the database. It's separate from the rest of the security system, such as the cookie authentication code.
- Forms authentication is no longer being used. Now they're using katana cookie authentication middleware.
- VS2013, MVC5, etc -- these no longer use dot net open auth as their OAuth implementation. They've moved to katana middleware.
Oct 22, 2013 10:42 AM|TheNutCracker|LINK
Thanks for the link to your article on this matter. It was very interesting to read. I am always questioning some of the things Microsoft does and then I say to myself, "Oh well, I guess there's a good reason for it.". Or maybe I'll say, "Oh well, they know
better than I do." After reading your article it makes me question whether or not my faith has been properly placed.
I guess everybody would assume that a multi-billion-dollar company that has dominated most of the PC industry for the past 20 years knows what they are doing. But the Windows 8 disaster should be proof for anybody that they don't always get it right.
Not sure where to go from here. I think I need a new profession. :)
P.S. Thanks for writing that article. I know its probably not the most popular thing for people to point out the shortcomings in Microsoft's code. But I believe its a good thing. Hopefully, they will read your article and fix their shortcomings.