Chapter 1. Security: Using Login Controls
In This Chapter
✓ Understanding authentication and authorization
✓ Using the Security Administration tool
✓ Restricting access
✓ Handling logins and lost passwords
✓ Managing users and roles programmatically
Most of us feel uneasy about implementing Web site security, perhaps because it’s hard to be 100% sure that you’ve got it right. Inadvertently allowing the Internet’s bad guys to get in could be a Career Limiting Move (CLM) or worse. Therefore, it’s comforting to put security in the hands of people who’ve done it before. Enter Microsoft’s ASP.NET team. The team realized that so many of us were reinventing the security wheel (sometimes creating an oval wheel, out of whack) that it made sense to build membership and login capabilities directly into ASP.NET 2.0.
Out of the box, we have all the tools we need to let people log in to the site, view what we allow them to view, and recover their lost passwords. Our goal in this chapter is to implement security while writing as little code as possible. We can do this by leveraging the standard authorization tools and functions in ASP.NET.
As you work with membership terminology, note that roles refer to groups or categories of users. In addition, the terms users and members are interchangeable.
Understanding Authentication and Authorization
Authentication and authorization are easy to confuse. It might help to ...
Get ASP.NET 2.0 All-In-One Desk Reference For Dummies® now with the O’Reilly learning platform.