ASP.NET MVC4 Simplemembership or autoFormsAuthentication?

Question

I'm new to ASP.NET MVC4 and therefore read many things about how to authenticate on an Intranet Website.

I've inherited of this type of project in order to improve it and after quick reading the source code, I saw that login/password are stored in clear text in a SqlServer database...

So my first improvement is to upgrade the authentication process in order to store passwords in the right manner.

Here is what I've done so far, in my GlobalAsax.cs add :

            WebSecurity.InitializeDatabaseConnection(
                      connectionStringName: "AppConnectionString",
                      userTableName: "Employe",
                      userIdColumn: "IDE",
                      userNameColumn: "E_mail",
                      autoCreateTables: true);

in order to add the "webpages_*" tables to my database.

I changed the IIS configuration in order to deactive "AllowAnonymous" connection and activate "Basic Authentication". But now I'm faced to Forms vs SimpleMembership, my Web.config:

<add key="autoFormsAuthentication" value="false" />
<add key="enableSimpleMembership" value="true" />

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="30" />
</authentication>

Can someone explain me clearly the use of each attribute? I don't understand because autoFormsAuthentication is set to false but authentication use it after. What the enableSimpleMembership ?

Thanks

Answer 1

It's hard to find any information on the topic but in my opinion autoFormsAuthentication set to true will set:

<authentication mode="Forms"> <forms loginUrl="~/Account/Login" timeout="2880" /> </authentication>

If you need other parameter you need to use <authentication mode="Forms"> explicity.

Also autoFormsAuthentication redirecting unauthorized users from any contollers. Not only with 'authorize' attribute.

But it is just my opinion...