Difference between FormsAuthentication Microst.AspNet.Identity.Owin.SignInManager.to authenticate

Asked 12/10, 2015 at 15:59 Answered 21/6, 2019 at 13:7

c#asp.net asp.net-mvc authentication forms-authentication

The default Project template of ASP.NET MVC comes with a class named Microst.AspNet.Identity.Owin.SignInManager. This class is used to authenticate users

I dont understand why should i use SignInManager instead of using simple FormsAuthentication in an ASP.NET MVC Project. What are the benefits of SignInManager?

Does it authenticate in a different way according to FormsAuthentication? Is it more secure then FormsAuthentication? What can i do else with SignInManager except authentication?

What is the relation between SignInManager and the code below? Does The SignInManager use the settings which are set below?

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

Punjab answered 12/10, 2015 at 15:59 Comment(0)

MembershipProvider came with FormsAuthentication in ASP.NET 2.

ASP.NET Identity came with SignInManager in ASP.NET 5.

ASP.NET Identity is a new version of MembershipProvider. It offers a lot more features than legacy MembershipProvider.

For example,

Two-factor authentication
Token-based authentication
Easy-to-add custom properties compare to MembershipProvider
Get instance of UserManager from the OWIN context

If you do not need all those features, you can stick with FormsAuthentication which can be used without MembershipProvider.

Tennes answered 12/10, 2015 at 16:24 Comment(3)

i have one question that Token-based authentication is different from claim based auth ? these two are different beast ? identity support claim that i heard but how token is different from claim that i do not know. so my request if anyone knows the difference between token & claim then please explain here. thanks – Pylon 19/9, 2016 at 20:39

@MonojitSarkar Token Based Authentication is a part of ASP.Net Identity. ASP.Net Identity use Claims-Based Authorization under the hood by default, although you do not have to use it (it is not common). If you still have question, could you create a new question? I'm glad to help you. – Tennes 19/9, 2016 at 22:32

just tell me Token Based Authentication and Claims-Based auth two different things. if yes then how they are different. i could not create a new post because if i post then people will give me negative vote. – Pylon 20/9, 2016 at 10:51

Forms Authentication is the old version of the authentication framework for ASP.NET. One really solid reason against using Forms authentication, is that it is deprecated.

The default template for ASP.NET MVC in the latest version of Visual Studio has an implementation of ASP.NET Identity Framework, hence the use of SignInManager. I believe that one of the main advantages to using ASP.NET Identity this is that it is hostable as OWIN middleware, which means it has no reliance on System.Web and thus no reliance on your web application.

Illustrative answered 12/10, 2015 at 16:0 Comment(7)

That doesn't really answer the question. – Blepharitis 12/10, 2015 at 16:3

ASP.NET MVC by default uses ASP.NET Identity, since version 5. Previously MVC used SimpleMembership, which was a wrapper around ASP.NET Membership, which used Forms Authentication. – Mittel 12/10, 2015 at 16:3

This is also not really true. Identity is the replacement for SimpleMembership – Belgium 12/10, 2015 at 16:3

Thanks, please help me to update the question so that it is more useful/accurate. – Illustrative 12/10, 2015 at 16:4

@DavidG: How is that not true? Yes, Identity is obviously a replacement to membership, but it doesn't change the fact that if you start a new MVC 4 project today, it's going to be using SimpleMembership with Forms Auth. Especially, for existing MVC 4 projects, converting to Identity is non-trivial. – Mittel 12/10, 2015 at 16:7

@ChrisPratt Well he said that Identity was a replacement for FormsAuth which was not true. I certainly didn't say it was trivial to convert to Identity. – Belgium 12/10, 2015 at 16:12

At no point did I say that Forms Authentication was a replacement for anything. Please check back on the edits. – Illustrative 12/10, 2015 at 16:13

The Idea is for OWIN to be Platform Agnostic. It's "Middleware" between your ASP.NET application and the platform that is running it. Forms Authentication is built for ASP.NET on IIS. OWIN can use other providers such as Google and Facebook.

Have a look at this article : https://www.tektutorialshub.com/owin/introduction-to-owin/

Sophey answered 21/6, 2019 at 13:7 Comment(0)

Recommended topics

Hot tags