Using Membership, Roles, and Profiles

To demonstrate authentication and authorization, I stored the user credentials in the Web.config file. This is acceptable for small and simple applications where the list of users is unlikely to change over time, but there are two significant limitations to this approach. The first problem is that anyone who can read the Web.config file might be able to figure out the passwords, even when they are stored as cryptographic hashes rather than plain text. (If you don’t believe this, create some hash codes for typical passwords and then search Google for each hash code; it won’t take much effort to figure out at least one of the passwords.)
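
The lookup risk described above, as an added example that is not code from the book: a short Python audit that parses a constructed `<credentials>` section and flags entries whose unsalted hash matches a common password, then contrasts that with a per-user salted record. The user names, passwords, word list, and the choice of PBKDF2 as the salted scheme are assumptions of this example.

```python
import hashlib
import os
import xml.etree.ElementTree as ET

def config_hash(password, fmt="SHA1"):
    """Unsalted hex digest, the form a passwordFormat of SHA1 or MD5 stores."""
    return hashlib.new(fmt.lower(), password.encode("utf-8")).hexdigest().upper()

# Constructed sample: user names and passwords are invented for this example.
SAMPLE = f"""<configuration><system.web><authentication mode="Forms"><forms>
  <credentials passwordFormat="SHA1">
    <user name="alice" password="{config_hash('password')}" />
    <user name="bob" password="{config_hash('constructed long passphrase 7431')}" />
  </credentials>
</forms></authentication></system.web></configuration>"""

COMMON = ["123456", "password", "qwerty", "letmein"]  # constructed word list

def audit(config_xml, wordlist):
    """Return {user: finding} for entries that a simple lookup would recover."""
    findings = {}
    for creds in ET.fromstring(config_xml).iter("credentials"):
        fmt = creds.get("passwordFormat", "SHA1")
        if fmt != "Clear":
            # Unsalted: one table of digests covers every user in the file.
            table = {config_hash(word, fmt) for word in wordlist}
        for user in creds.iter("user"):
            stored = user.get("password", "").upper()
            if fmt == "Clear":
                findings[user.get("name")] = "stored in clear text"
            elif stored in table:
                findings[user.get("name")] = "unsalted hash of a common password"
    return findings

def salted_record(password, iterations=100_000):
    """Mitigation (assumed for this example): random per-user salt plus PBKDF2."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt.hex(), digest.hex()

if __name__ == "__main__":
    print(audit(SAMPLE, COMMON))
    # Same password, two different stored values, so no shared lookup table.
    print(salted_record("password") != salted_record("password"))
```

Only the account with a word-list password is flagged; the audit never prints the recovered password, only the finding.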

The second problem is administration. Putting the credentials in the ...
