Logging In

This tutorial covers managing access to your ASP.NET application. Web site security is a major concern for most enterprises. Without any means of securing a site, the Web site can expose areas of your enterprise you may not want exposed.

We\'ll take a quick look at what security means when it comes to Web applications. Then we\'ll look at various services available within ASP.NET for authenticating and authorizing users.

After completing this tutorial, you will be able to

  • Manage Web-based security
  • Implement Forms Authentication
  • Work with Forms Authentication in the raw
  • Work with ASP.NET login controls to make writing login pages painless
  • Work with ASP.NET role-based authorization

"Authenticating users" means determining a user really is who he or she says (verifying the identity of a user). This is often done using a shared secret such as a password. "Authorizing users" means granting or restricting access to a specific user who has identified himself or herself. For example, clients in an administrative role are often granted more access than clients in a role as simple users.

Finally, we'll look at the new login controls, which greatly reduce the amount of development effort you might otherwise put into securing your site.