Is ASP.NET MVC 5 incompatible with the WebMatrix SimpleMembershipProvider?

Question

We have an existing application that was build on ASP.NET MVC 4 & Web API. The admin parts of the site use Simple Membership. I\'m interested in upgrading the applicatio

Answer 1

WebMatrix is compatible with MVC 5.

What I did was to take an empty MVC 5 project and incorporate WebMatrix SimpleMembershipProvider into it using SimpleSecurity, an open source project that decouples SimpleMembership from your MVC application. So far I am able to create the database, seed it, and log in and out. I plan on adding other features to this reference application, such as email confirmation and various tests. When I am done I will post the source code in the SimpleSecurity Project

If I had to guess, your problem may be with the upgrade process. What process did you take to upgrade your MVC 4 project to MVC 5? Did you follow this process? What version of the WebMatrix assemblies are you using? What version of Visual Studio are you using? I am using version 2.0.0.0 of WebMatrix and Visual Studio 2013 RC.

---

Update (10/25/2013)

I continued my experiment with adding SimpleMembership to an MVC 5 project and somewhere along the line it broke and I got the same results as @Sixten Otto. I did not test incrementally as I added things but I am suspicious it may have happened when I installed the Web API assemblies. They are not installed by default when creating a new MVC 5 project.

I did some more research on the error and came across this QA titled "Attempt by security transparent method 'WebMatrix.WebData.PreApplicationStartCode.Start()'". This is an old QA and originally someone was getting this same error when upgrading an MVC 3 app to MVC 4. But recently people have been adding answers in regards to upgrading to MVC 5 and one of the answers worked for me. The solution for me was install the NuGet package Microsoft.AspNet.WebHelpers. After installing this package everything worked fine.

A note about my research into migrating to the new ASP.NET Identity is that they do not use the same password hash, which precludes moving old members into a database used by ASP.NET Identity. ASP.NET Identity seems to be in real flux right now so maybe they will come up with a solution for this.

---

Update (2/16/14)

I erroneously reported that the hash algorithm for passwords was different in SimpleMembership and ASP.NET Identity. I assumed this based on a visual inspection of the hashed passwords, assuming that it was just the hashed password that was in the fields. After further research I found that SimpleMembership uses the System.Web.Helpers.Crypto class for hashing the password and what is stored in the password field is actually a 256 bit subkey and the salt. With that information I ran some tests to validate that ASP.NET Identity can verify passwords that are generated by SimpleMembership, and it passed. I was trying to find out what hash algorithm SimpleMembership used so I could plug in a password hasher in ASP.NET Identity that would allow me to migrate data from a SimpleMembership webiste to one that used ASP.NET Identity. Turns out it is not necessary. I talk about the password hash and how to migrate the data from SimpleMembership to ASP.NET Identity in more detail in this article.