ASP.net MVC 4 Users and Roles administration ("Membership.Provider" property must be an instance of "ExtendedMembershipProvider".)

Question

I've tried for 2 days to get something working but so far it's been pointless. What I need is to manage users and their roles, nothing else.

What I've tried is to understand how to do it in MVC but I can't seem to find a detailed tutorial on how to do it, either on the internet or in any MVC 4 book.

I started by enabling the aspnet database with the aspnet_regsql utility, this create these tables:

Tables added by aspnet_regsql

That's all I found on the tutorial, it does not show how to interact with these tables (which I assume is with the default membership provider), so far I've found there are 3 main options for doing this:

Default membership provider (from whom I know nothing)
Universal Providers
SimpleMembership

I found this tutorial:

http://www.asp.net/mvc/tutorials/mvc-music-store/mvc-music-store-part-7

Here they ask to create a new MVC 4 application project with internet application template and copy all the files relating the account control.

I did that for my project but as soon as I try to log in I get :

To call this method, the "Membership.Provider" property must be an instance of "ExtendedMembershipProvider".

which according to this forum: http://social.msdn.microsoft.com/Forums/en-US/windowsazuredevelopment/thread/d352bb1b-577c-42b7-8872-5ed59cd65f32/

is because of how I defined the profile, membership and roleManager providers on my web.config file which is defined as follows:

<profile>
  <providers>
    <clear />
    <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="DatabaseConnection" applicationName="/" />
  </providers>
</profile>
<membership>
  <providers>
    <clear />
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="DatabaseConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
  </providers>
</membership>
<roleManager enabled="true">
  <providers>
    <clear />
    <add connectionStringName="DatabaseConnection" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
    <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
  </providers>
</roleManager>

All I need is to be able to add new users, assign roles to them and show different content according to the role accessing the view.

Question #1 What is the membership provider being used when I create an MVC 4 application with an internet application template?

Question #2

What am I doing wrong with the web.config file? How can I define the providers correctly?

Question #3

Which option suits me better? If you know a nice tutorial for it could you please link me to it?

Any help will be really appreciated! thanks in advance!

Did you look at ASP.NET Simple Membership? Here is a good starting point: http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx — Floremin, Mar 27 '13 at 16:26
I just noticed my controller class has a [InitializeSimpleMembership] which clearly states I'm using simplemembership On the link you send me they show how the web.config file defines the providers, I just added these to my web.config and as soon as I login i still get the same o call this method, the "Membership.Provider" property must be an instance of "ExtendedMembershipProvider". What am I doing wrong? — oskar132, Mar 27 '13 at 16:41
Have you tried starting "clean" with Simple Membership? This thread might help: http://stackoverflow.com/questions/13324544/how-to-add-asp-net-membership-provider-in-a-empty-mcv-4-project-template — Floremin, Mar 27 '13 at 16:50
When user/membership needs are simple, I usually implement something myself. — Floremin, Mar 27 '13 at 16:53
Well this is my first professional web application and I really care about security but have no deep knowledge about it, isn't it risky to implement it yourself? seems like a big tradeoff to not use the options proposed by a company like microsoft. just my opinion, what do you think? — oskar132, Mar 27 '13 at 17:15

Win · Accepted Answer · 2013-03-27T17:10:18.377

4

Membership provider you are using is dated. New Universal Membership Provider uses new table names without prefix aspnet_.

1) Please take a look at Scott Hanselman's link.

2) You do not need profile if you do not use it. roleManager configuration is not correct.

FYI: Please define machineKey explicitly in web.config; it will save you a lot of headache in the future.

P.S. I agreed with you. I just finished reading Pro ASP.NET MVC 4 by Adam Freeman; he did not mention about Membership Provider. ASP.NET MVC 4 and the Web API by Jamie Kurtz uses legacy Membership Provider if you want to read.

edited Mar 27 '13 at 17:10

answered Mar 27 '13 at 17:03

Win

61,100
13
102
181

Could you please specify on the machinekey? what is it for? Thanks for your reply! – oskar132 Mar 27 '13 at 17:11
1

If password are encrypted or hashed, Membership provider use `machineKey` to generate it. If you move your application to different server, existing user cannot login anymore if `machineKey` is not explicitly define. – Win Mar 27 '13 at 17:15

score 1 · Answer 2 · answered Aug 20 '13 at 19:48

Question #1 What is the membership provider being used when I create an MVC 4 application with an internet application template?

Answer: SimpleMembershipProvider

Question #2 What am I doing wrong with the web.config file? how can I define the providers correctly?

Answer: For SimpleMembershipProvider, modifications to the web.config file are not necessary. See here for detailed configuration/setup information and tutorial: http://aaron-hoffman.blogspot.com/2013/02/aspnet-mvc-4-membership-users-passwords.html

score 1 · Answer 3 · answered Aug 19 '14 at 10:22

1

Membership and security was extremely overcomplicated in ASP.Net and is still overcomplicated in ASP.NET MVC. But fortunately it's possible to not use built-in membership at all. I've created simple solutione and used in a lot of projects and now added it to github see http://github.com/TesserisPro/ASP.NET-SImple-Security-Provider You can easy customize it.

answered Aug 19 '14 at 10:22

Dmitry

201
3
5

Thanks a lot, will take a look into it, however I saw that with the new mvc 5 they have changed the membership component and it seems a lot more easy to use, have you seen it? – oskar132 Aug 20 '14 at 23:26
Yes, I have. There was WebMatrix provider than OWIN provider. If you are migrating from MVC4 to MVC5 you will spent an hour or more dealing with this things and their dependencies, because the are still too complicated as for simple thing. That's why I created this one. It's just provides login feature users and very simple roles and doesn't depends on spaceships. – Dmitry Aug 26 '14 at 11:55
@Dmitry Everything is saved in 1 table with your sampleproject. It's a good template for small application. – JoshYates1980 Sep 02 '14 at 20:57

ASP.net MVC 4 Users and Roles administration ("Membership.Provider" property must be an instance of "ExtendedMembershipProvider".)

3 Answers3