I am creating a website using ASP.NET MVC 5. Has Microsoft release any technology to replace FormsAuthentication or do they still recommended authenticating the user using FormsAuthentication for MVC 5?
UPDATE Jan 2020:
It's been almost 5 five years since I asked this question, the web development world has drastically changed. Now I am convinced that FormsAuthentication IS obsolete.
Please consider token based auth when implementing user authentication in ASP.NET based web apps.
Yes. FormsAuthentication is deprecated in MVC 5 and onwards.
At least, that's the short answer.
The long answer is that pre-MVC 5 traditional FormsAuthentication is still ok to use. It is, however being phased out in favour of alternative approaches such as ASP.NET Identity.
In Visual Studio 2013, the authentication options supplied for and MVC 5 application are as follows:
In this case, Individual User Accounts is referring to ASP.NET Identity.
According to Microsoft, the former ASP.NET Membership has been replaced with ASP.NET Identity,
[ ... ] the sample application will be configured to use ASP.NET Identity (formerly known as ASP.NET membership)
(Emphasis mine)
Microsoft also state
The new membership system is based on OWIN rather than the ASP.NET Forms Authentication module.
So Identity didn't exactly replace FormsAuthentication, but rather it replaced the Membership system which used FormsAuthentication. A good thing too, because according to a question I asked in 2013, Membership is rather confusing.
A type of FormsAuthentication still exists though. According to Microsoft,
ASP.NET also has a forms authentication support through the FormsAuthenticationModule, which, however, can only support applications hosted on ASP.NET and doesn't have claim support. Here is a rough feature comparison list:
So if you'd still like to use FormsAuthentication, check out Understanding OWIN Forms authentication in MVC 5.
So Microsoft encourages you to use ASP.NET Identity. You don't have to, of course. You can simply select No Authentication and the project will not implement anything for you. It is then up to you to fulfil your membership/login needs.
