Have you ever needed to integrate authentication into your Web application? If the Web application is for the intranet, this is typically a simple process: just enable Windows authentication within IIS. More often than not, we do not have that luxury with the more common internet Web applications, and when you take into account the volume of potential users of internet Web applications, custom form-based authentication is the only scalable solution.
For those of you who wrote code in classic ASP, accomplishing such a task was at times overwhelming. Then along came .NET 1.x, which of course made such a task simpler; however, there was still much to accomplish when it came to form-based authentication. With the recent RTM of .NET 2.0, combined with Visual Studio .NET 2005, those days are over. You can now implement form-based authentication with little or no effort.
The purpose of this article is to introduce the simplicity of the following:
- Membership Management
- Preparing Your SQL Server Database
- Security Server Controls
- Role Management
Figure 1: Simple Authentication State Diagram
As you can see in the above diagram, when a user enters the application, one of two courses of action occurs.
- The user is authenticated, so the requested content is returned.
- The user is not authenticated and is sent to a registration form. Once the registration process is successful, then and only then is the requested content returned.
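The flow in Figure 1 can be expressed in `web.config`. The following is an added example, not part of the article's sample code; the page names (`Register.aspx`, `Default.aspx`), the cookie name and the timeout value are assumptions chosen for illustration.

```xml
<?xml version="1.0"?>
<!-- Added example: forms authentication for the flow in Figure 1.
     Page names, cookie name and timeout are hypothetical. -->
<configuration>
  <system.web>
    <!-- Unauthenticated requests are redirected to loginUrl; after the form
         succeeds, the user is returned to the originally requested content.
         protection="All"       : the ticket is both encrypted and validated
         requireSSL="true"      : the ticket cookie is only sent over HTTPS
         cookieless="UseCookies": the ticket never appears in the URL
         slidingExpiration off  : the ticket expires a fixed time after issue -->
    <authentication mode="Forms">
      <forms name=".APPAUTH"
             loginUrl="~/Register.aspx"
             defaultUrl="~/Default.aspx"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             timeout="20"
             slidingExpiration="false" />
    </authentication>
    <!-- "?" means anonymous users: every page requires authentication
         unless a location element below says otherwise. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Anonymous users must be able to reach the form itself. -->
  <location path="Register.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```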