ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources – ScottGu’s Blog

The following is an excerpt from ScottGu’s Blog:

Getting Started with ASP.NET 2.0 Membership, Roles and Forms Authentication Video

Watch this great online video. It walks through how to add Forms Authentication (using the <asp:login> control) with a secure Membership Credential Store + Role Based Security to a site, then implement pages that enable Registration (using the <asp:createuserwizard> control) + Change Password (using the <asp:changepassword> control) + Reset Password (using the <asp:recoverypassword> control), and then authorize page access and hide menu navigation links using the role groupings of the authenticated user. The video shows how to do all of this from scratch in only 17 minutes. You can watch it here. You can also find other great ASP.NET “how to” videos here.

ASP.NET 2.0 Membership and Role Management Overview Articles

Here are a few good tutorial articles that provide a good conceptual overview of how the new membership and role management system works.

Scott Mitchell’s: Examining ASP.NET 2.0’s Membership, Roles and Profile (Part 1)

Scott Mitchell’s: Examining ASP.NET 2.0’s Membership, Roles and Profile (Part 2)

Scott Mitchell’s: Examining ASP.NET 2.0’s Membership, Roles and Profile (Part 3)

Scott Mitchell’s: Examining ASP.NET 2.0’s Membership, Roles and Profile (Part 4)

Scott Mitchell’s: Examining ASP.NET 2.0’s Membership, Roles and Profile (Part 5)

MSDN: Explained: Forms Authentication in ASP.NET 2.0

MSDN: Explained: Windows Authentication in ASP.NET 2.0

Scott Allen’s: Membership Providers (Part 1)

Scott Allen’s: Role Providers (Part 2)

ASP.NET 2.0 Security, Membership and Role Management Book

Stefan Schackow is the ASP.NET Team technical expert and feature-owner for a lot of the core sub-systems in ASP.NET, and he owned the security, membership and role management features for ASP.NET 2.0. He has recently published an awesome book on ASP.NET Security, Membership and Roles that you can buy for $26 on Amazon here.

You can read two big recommendations of it from ASP.NET MVPs here: Dave Sussman and Christoph Wille. I highly recommend getting a copy.

Setting up Membership + Roles on a SQL 2000 or SQL 2005 Server

By default ASP.NET 2.0 auto-creates and uses a SQL Express database to store Membership, Roles and Profile data. If you want to instead use a SQL 2000 or SQL 2005 database, you can easily learn how to configure it using this blog post of mine.

Don’t forget to always set the “applicationName” attribute when configuring ASP.NET Membership, Roles, Profile and other providers.

One common thing people forget to do when registering membership and other providers is to configure the “applicationName” attribute on the provider declaration. Without it, logins can appear to stop working when you copy an application to another machine. This blog post covers this scenario in more detail and shows how to fix it.

Custom Membership and Roles Providers

ASP.NET 2.0 ships with built-in SQL Server, SQL Express and Active Directory Membership and Role Providers.  The source code for these built-in providers can now be downloaded from here.

The nice thing about the system is that it is entirely extensible, which means you can create and configure your own custom credential/role stores into the system as well (either using the source code from the built-in providers, or just by extending the provider contract).

The ASP.NET Provider Toolkit Site provides tons of content on how to create and build your own providers (including Membership and Role Providers). It also has a link to a fully functional Membership and Role Provider that works with Access databases.  This article also discusses how to build your own Membership Provider, and can be a useful guide to integrating the membership APIs with your own existing database.

Here is a list of other free custom Membership and Roles providers (with complete source code) that I know of on the web:

You can download and configure your application to use any of the above providers.  The beauty of the system is that the Membership, Roles APIs + Login Controls don’t change at all. 

Storing Custom Properties about a User during Registration

One very common question I see is how to store custom properties about a new user as they register on the system (example: zip code, gender, etc). The good news is that it is easy to do this with the new ASP.NET Profile System and the built-in <asp:createuserwizard> control.

I have a sample here that shows how to build a registration system for a site with Membership, Login, Registration, Password Recovery, Change Password, Custom Properties and Roles support – all in 24 lines of code.  If you want, you can combine this with the new SQLTableProvider for the Profile system for greater control over your profile database schema. You can learn about that in my blog post here.

Remote Server Administration Tool Management of Membership/Roles

The built-in Web Administration Tool with Visual Web Developer and VS 2005 makes it easy to manage the users and roles for a local ASP.NET application. One common question I get asked is how to manage these users/roles against a remote server (for example: an application running on a remote hoster). This blog post of mine points to two different solutions you can use to enable this.

Via ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources – ScottGu’s Blog


3 thoughts on “ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources – ScottGu’s Blog”

  1. Thanks for the tech-tips. In early times, I used to use normal login system. But now I go membership. And I have always been helped by the posts in ScottGu’s site. Thank you ScottGu. All I have to say is otherwise we programmers would have to dig the earth so hard!
