Chapter 10: Logging In

Chapter 10

Logging In

After completing this chapter, you will be able to

Manage Web-based security
Implement Forms Authentication
Work with Forms Authentication in the raw
Work with ASP.NET login controls to make writing login pages painless
Work with ASP.NET role-based authorization

This chapter covers managing access to your ASP.NET application. Web site security is a major concern for most enterprises. Without any means of securing a site, the Web site can expose areas of your enterprise you may not want exposed. We'll take a quick look at what security means when it comes to Web applications. Then we'll look at various services available within ASP.NET for authenticating and authorizing users.

NOTE
“Authenticating users” means determining a user really is who he or she says (verifying the identity of a user). This is often done using a shared secret such as a password. “Authorizing users” means granting or restricting access to a specific user who has identified himself or herself. For example, clients in an administrative role are often granted more access than clients in a role as simple users.

Finally, we'll look at the new login controls, which greatly reduce the amount of development effort you might otherwise put into securing your site.