Any ASP.NET site we develop will always have an
authentication module unless and until there is nothing private on the site or
something we explicitly know as being unnecessary. For instance, a simple
public content site will not require an authentication module. Depending on the
nature of the application we can decide on the type of authentication we are
going to provide for our site. Meaning, if it is going to be an intranet web
application, we can very well utilize the windows authentication by making use
of the availability of user information in the AD, thus preventing a separate
user information storage private to our application. Still, role mapping to the
users has to be stored privately for the application. If our application is an
internet application then the best choice is to use Forms Authentication. This
article will explore the implementation forms authentication with roles in ASP.NET
2.0.
From 1.x days, the implementation of forms authentication in
ASP.NET is not that complicated. But the actual drawbacks are in those days ASP.NET
itself does not have that many controls that aid in implementing forms
authentication easily. Also, if we have role based forms authentication then we
should go for our custom code for validating a resource access. With the
introduction of 2.0 we have a handful of controls that help in implementing
role based forms authentication very easily with the primary support of Providers in ASP.NET 2.0.