If you create a new ASP.NET MVC 4 web application and select the "Internet application" as a project template, you will notice that the Entity Framework is referenced and used as part of SimpleMembership. However, there is very little dependency on the Entity Framework, and probably should not be removed.
Entity Framework seems to be used for only two minor tasks
The first way to use the Entity Framework is to create the database schema needed to store membership data. Creating a database schema is not something that Dapper will do for you, and if you remove the Entity Framework, you will have to manually manage the changes in your models / membership database.
The second way to use the Entity Framework is with one method called "ExternalLoginConfirmation" inside the standard "AccountController" as part of its OAuth integration. It is used to register new users who have authenticated with an external provider (for example, Facebook).
It can be said that SimpleMembership uses SQL commands, not Entity Framework [1].
Since SimpleMembership uses SQL commands rather than the Entity Framework, it should be as fast as a comparable Dapper solution for this task. In addition, this SimpleMembership configuration has been extensively tested by Microsoft and the community. For these reasons, I would leave it alone. The security code should be provided to accredited security professionals [2].
How to remove Entity Framework from a new ASP.NET MVC 4 web application
If you really want, the dependency is very easy to remove (I assume your membership database is already up and running).
===== → Step 1
In the Visual Studio Solution Explorer, open the Links folder.
Right-click on "EntityFramework" and select "Delete."
=====> Step 2
Open Filters /InitializeSimpleMembershipAttribute.cs
Delete the following:
using System.Data.Entity.Infrastructure;
and
Database.SetInitializer<UsersContext>( null );
and
using ( var context = new UsersContext() ) { if ( !context.Database.Exists() ) {
===== → Step 3
Open: Models / AccountModels.cs
Delete the following:
public class UsersContext : DbContext { public UsersContext() : base( "DefaultConnection" ) { } public DbSet<UserProfile> UserProfiles { get; set; } }
=====> Step 4
Open: Controllers /AccountController.cs
Look for a method called "ExternalLoginConfirmation".
Replace the following:
using ( UsersContext db = new UsersContext() ) { UserProfile user = db.UserProfiles.FirstOrDefault( u => u.UserName.ToLower() == model.UserName.ToLower() ); // Check if user already exists if ( user == null ) { // Insert name into the profile table db.UserProfiles.Add( new UserProfile { UserName = model.UserName } ); db.SaveChanges();
With your equivalent dapper code, the code comments tell you what you need to implement.
You can completely remove this and other methods if you are not using OAuth.
Et Voila;)
[1] "Everything is implemented as SQL calls, and does not require stored procedures, views, agents, and change notifications."
John Galloway, Microsoft
[2] "Let me give you all my standard precaution about deploying your own cryptographic algorithms and security systems: no. It is very simple to create security systems that are almost not secure enough. Which gives you a false sense of security, worse than no system security! "
Eric Lippert, legend