MvcAccount is the simplest way to password-protect your ASP.NET MVC application. It consists of a single assembly which includes models, views, controllers, resources, etc. Add a bit of configuration and you are done!
- Sign In/Out: With account lock out after max. invalid attempts.
- Reset Password: Sends email with link to enter new password.
- Change Password: User must sign in first.
- Change Email: With optional verification (sends email with link).
- None: Passwords are stored in clear text.
- PBKDF2 (Recommended): Passwords are hashed with the RFC 2898 algorithm. Implemented by Crypto, also used by SimpleMembershipProvider.
- SHA1: Passwords are encrypted one-way using the SHA1 hashing algorithm (implemented by SqlMembershipProvider).
- MachineKey: Passwords are encrypted using the encryption settings determined by the machineKey element configuration (also implemented by SqlMembershipProvider).
- Custom: Provide your own implementation.
- MembershipProvider: Although MvcAccount is a substitute for MembershipProvider there are many components out there that work against this API, so MvcAccount also provides an implementation. The only functions currently implemented are:
- ValidateUser (useful if your application implements other functions that require username/password verification).
- GetUser (all overloads, this allows you to get user information from your application without a direct dependency on MvcAccount).
- Bootstrap: Views use Bootstrap markup and classes (optional, you are not required to use Bootstrap).
MvcAccount is fully localized in the following languages:
- English (en)
- Spanish (es)
- Finnish (fi)
- Portuguese (pt)
MvcAccount doesn’t provide the following functionality:
- Anything related with roles or claims.
- External login providers (OAuth, OpenID).