ASP.NET 2.0 shipped with Membership, Role, and Profile
providers that make a developer's life easier when it comes to working with
user management including authenticating and authorizing users, creating new
accounts, retrieving a user's password, storing and loading a user’s profile.
All of these functionalities have been added to facilitate the most common
tasks a developer faces in every application that requires such a kind of user
and security management.
These services are always configured for a web application
since they are defined in the Machine.config configuration file. By default,
these providers are set to work with a SQL Server 2005 Express edition and can
be easily configured through the Web.config configuration file of a specific
web application. Here is the default configuration in the Machine.config file.
Listing 1
<membership>
<providers>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/"
requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>
<profile>
<providers>
<add name="AspNetSqlProfileProvider" connectionStringName="LocalSqlServer"
applicationName="/" type="System.Web.Profile.SqlProfileProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</profile>
<roleManager>
<providers>
<add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer"
applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<add name="AspNetWindowsTokenRoleProvider" applicationName="/"
type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
Off course, you can use your own providers for any of the
above services and this requires you to add those custom providers through the
Web.config configuration file. As you can see, there are mainly three types of
services. The first is Membership service which allows you to authenticate
users, create new users, retrieve users, change user’s passwords and many more
functionalities. The second is the Profile service which allows you to store
user-specific information just like session variables in ASP.NET, but is much
more powerful because it automatically saves the data into the database at the
end of every request and loads back the data at the beginning of every request.
For a full discussion on Profile service, check the following series.
An
Extended Look at the Profile Object - Part 1
An
Extended Look at the Profile Object - Part 2
An
Extended Look at the Profile Object - Part 3
The third and final service is the Role management service.
This service allows you to manage user’s roles by creating new roles, adding
users to roles, retrieving user’s roles and other functionalities.