There's one thing messageboard websites, eCommerce websites, social network websites, and portal websites share in common: they all provide user accounts. These websites, and many others, allow (or require) visitors to create an account in order to utilize certain functionality. For example, a messageboard website, like ASPMessageboard.com, allows anonymous and authenticated visitors to view and search the posts in the various forums. However, in order to be able to post a new thread or reply to a message a visitor must have an account and must log into the site.

Providing user account support for a site involves the same set of steps: creating a database table to store user account information, creating a login page, defining a system by which authenticated users' logged on status is remembered across postbacks, specifying which pages are only available for authenticated users (authorization), creating a page for visitors to create a new user account, creating a page for the site's administrators to manage the user accounts, and so forth. Prior to ASP.NET, developers had to decide how to implement all of these facets on their own. ASP.NET introduced the concept of forms-based authentication, which provided a FormsAuthentication class to ease signing in and out of a site, as well as a protected authentication ticket to remember users' logged on status across page requests. (See Simple Authentication for an article on implementing authentication with classic ASP; refer to Using Forms Authentication in ASP.NET and Dissecting Forms Authentication for more information on ASP.NET's forms-based authentication capabilities.)

Even with forms-based authentication, though, ASP.NET developers are still on the hook for defining and creating the structure for storing user account information, for creating login and logout web pages, for enabling visitors to create new accounts and administrators to manage accounts, and so on. Thankfully ASP.NET version 2.0 has lightened developers' loads by providing the membership system and the security Web controls in ASP.NET 2.0. In a nutshell, membership is an API that provides programmatic access to common user account-related tasks. For example, there are methods to create a new user account, authenticate a user's credentials, delete a user, return all user information in the site, and so on. Furthermore, there are a number of security Web controls built atop this API that make performing common user account tasks as simple as dragging and dropping a control on the page.

In this article series we will be examining the ins and outs of version 2.0's membership, roles, and pofile systems and the various security Web controls. This particular article will examine the basics of membership with a look at configuring and using the built-in SqlMembershipProvider. As we will see, this particular provider stores user account information in a pre-defined database schema. Read on to learn more!
Read More >