My Gestalt

Understand the chaotic world by developing meaningful perception through the acquisition of seemingly disparate knowledge.

Collect information in large quantity with precise detail and connect the dots of meaning to form your own picture of the universe.

Act upon it

Knowledge and understanding without action is waste.

Be Grateful

Never underestimate the power of gratitude.

Charity

Forgiveness will make your heart happy. Forgiveness is not about someone deserving it, it's about healing your heart.

Reflex.Membership

Almost every site uses some form of Membership even if there is only one member.

I was developing a new Single Page Application and needed one that worked with MVC, WebAPI and OAuth.

When developing with the Microsoft Stack, there are several options:

 

  • Asp.Net Membership Provider
  • Simple Membership Provider
  • Thinktecture.IdentityModel
  • Memflex
  • MembershipReboot
  • OWIN Membership

 

All of these are good solutions for many people.  They all had some shortcomings for what I wanted to do.

I won't beat up on any of them because they are all quite good.  Firstly, I don't use EF (or SQL for this App) so if it's tied to EF or SQL it won't work for me.  IdentityModel is great to use with IdentityServer, but I'm not.  Memflex lacks little, but it doesn't really do claims the way I wanted (it uses DotNetOpenAuth), MembershipReboot uses WIF.

None of these are written in VB and I really wanted one that is. Unfortunately there doesn't seem to be one that I can find. This isn't because VB is unsecure, there just isn't one, certainly nothing production ready.

Starting from scratch doesn't make a lot of sense, I want something that is mostly compatible with the above systems, but written in VB so I can drill into and modify the code when needed and show it in my Talks to VB Developers.

Reflex.Membership and Reflex.Roles are a complete, production ready implementation.  They are heavily based on Asp.Net Membership, Memflex and MembershipReboot, but all the code is written and available in VB.Net.

This does not restrict them for use in VB Projects, they work perfectly well in C# and I have at least one production C# project that uses them.

I also have a Profile Provider coming soon that is compatible with things merged from OpenID and OAuth.

If you need a flexible Membership Provider that is complete, production ready, Open Source (BSD) and is tested to support VB.Net, C#, RavenDB and can use OAuth through Google, Microsoft Account, Facebook, Twitter, Yahoo and LinkedIn, then this will work for you.

It uses StructureMap for Inversion of Control and Dependency injection.  I find StructureMap the easiest to use for those not familiar with IoC/DI and strong enough that even experts can be happy with it.

What it typically looks like in MVC:

Creating an Account will invoke the Membership Provider like this:

        ''' <summary>
        ''' Creates an account.
        ''' </summary>
        ''' <param name="user"> The user. </param>
        Public Sub CreateAccount(user As IMembershipUser) Implements IMembershipProvider.CreateAccount
            Dim existingUser As IMembershipUser = _userStore.GetUserByUsername(user.Username)
            If existingUser IsNot Nothing Then
                Throw New MembershipException(MembershipStatus.DuplicateUserName)
            End If
            existingUser = _userStore.GetUserByEmail(user.Email)
            If existingUser IsNot Nothing Then
                Throw New MembershipException(MembershipStatus.DuplicateEmail)
            End If

            'OK to add the user
            With user
                .Salt = If(.Salt, _encoder.GenerateSalt())
                .Password = _encoder.Encode(.Password, .Salt)
                'ALL USERS ARE INACTIVE BY DEFAULT
                .isActive = False
            End With
            _userStore.Add(user)
        End  Sub

A Full VB.Net Starter Kit based on this is available by request.

Hey, Wait a minute... what about that last entry you didn't talk about, OWIN.

OWIN defines a standard interface between .NET web servers and web applications. The goal of the OWIN interface is to decouple server and application, encourage the development of simple modules for .NET web development, and, by being an open standard, stimulate the open source ecosystem of .NET web development tools.

OWIN Authentication is coming and Reflex Membership will support it! We just aren't ready to talk about it at length yet.