June 07, 2006
ASP.NET 2.0's Membership API
Dino Esposito
Forms authentication in ASP.NET 2.0 benefited from the introduction of the membership API, which provides a set of classes to let you manage users and roles.
Forms Authentication is one of the ASP.NET features that didn’t go through a significant reworking in ASP.NET 2.0. At its core, you still define a login page to collect credentials, handle a button click, and check credentials against a data store. If credentials are valid, you then redirect the user to the originally requested page and attach properly encrypted credentials to the HTTP request via cookies or URL.
Although the core functionality is nearly identical, the same can’t be said for the plumbing. The login page, for example, can be written much more simply by using login controls. Note that by using a built-in control you don’t lose any key functionality, and you also gain, for free, functions that might be tricky to code, such as the "Remember Me" feature. Login pages built using ready-made login controls are codeless or, more precisely, don’t strictly require any code to support base and common features. How are credentials checked? Isn’t this a detail specific to a given application? How can a stock control know about that?
The most notable change to Forms authentication in ASP.NET 2.0 is the introduction of a complementary API—the membership API. The membership API provides a set of classes to let you manage users and roles. Partnered with the FormsAuthentication class, the new Membership and Roles classes form a complete security toolkit for ASP.NET developers. The Membership class supplies methods to manage user accounts—checking credentials, adding or deleting a new user and editing any associated user information such as e-mail address and password. The Roles class creates and manages associations between users and roles.
The membership API doesn’t bind you to a fixed data store and data schema. It leaves you free to choose any data store and schema you want, but it binds you instead to a fixed API through which users and roles are managed. The membership API shields you from the details of how the credentials and other user information are retrieved and compared. It is based on providers: the implementation of every feature defined by the API is delegated to the selected provider.
The Membership class defaults to a provider that stores user information in a SQL Express database in a predefined format. The default database is named aspnetdb.mdf and is created by the Web Site Administration Tool (WSAT) from within Visual Studio 2005. Note that the database is not specifically for forms authentication; it is designed to contain tables for a variety of customizable ASP.NET features, including user profiles and Web Parts.
To use a custom data store such as Active Directory or a personal database, you need to register the provider in the configuration file. ASP.NET 2.0 comes with a built-in provider for Active Directory. If you wish to use a custom database or, more likely, you have an existing database with user credentials to reuse, all you have to do is create your own membership provider and plug it in. Creating a membership provider is as easy as deriving a new class from MembershipProvider and overriding a few members to implement the operations you need. Easy and effective.
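One way the provider registration described above can look in web.config, shown as an added example rather than configuration from the original article. The provider names, the login page path, the `Contoso.Security` type and assembly, and the connection string are hypothetical.

```xml
<!-- web.config (added example). Names marked "hypothetical" are assumptions. -->
<configuration>
  <connectionStrings>
    <!-- Constructed connection string; point it at your own user store. -->
    <add name="MembershipDb"
         connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|aspnetdb.mdf;Integrated Security=True;User Instance=True"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <!-- Forms authentication: the ticket cookie is encrypted and validated
         (protection="All") and only sent over HTTPS (requireSSL).
         The login page path is hypothetical. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" protection="All" requireSSL="true"
             timeout="30" slidingExpiration="true" />
    </authentication>
    <membership defaultProvider="LegacyDbProvider">
      <providers>
        <!-- Drop the provider inherited from machine.config so only the
             entries below can validate credentials. -->
        <clear />
        <!-- Built-in SQL provider with explicit password and lockout policy. -->
        <add name="SqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="8"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
        <!-- Hypothetical custom provider (class derived from MembershipProvider).
             Attributes other than name and type are passed to its Initialize
             method; connectionStringName is assumed to be one it reads. -->
        <add name="LegacyDbProvider"
             type="Contoso.Security.LegacyDbMembershipProvider, Contoso.Security"
             connectionStringName="MembershipDb" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

With this in place, the Membership class and the login controls send credential checks to whichever provider `defaultProvider` names, so switching data stores is a configuration change rather than a code change.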