To recap, the "virtual client" has commissioned a membership system that handles the following operations and features:
Users must be able to create new accounts independently, by filling out an online registration form.
Users must be able to later change their own credentials, or recover them if they forget them.
The administrator must be able to grant or deny access to specific sections or individual pages by certain users. The permissions should be editable even after deploying the site, without requiring the intervention of a developer to change complex code or settings.
The administrator must be able to temporarily or permanently suspend a user account, such as when a user does not respect the site's policy of conduct.
The administrator should be able to see summary and statistical data such as the number of total registered users and how many of them are online at a particular time. The administrator may also want to know when specific users registered, and the last time they logged in.
A profiling system should enable each registered user to save data such as site preferences and personal details in a data store (such as a database), so that their information will be remembered on future visits. The administrator must be able to view and edit the profile of each user.
ASP.NET 2.0 introduces some great new features that help to develop the membership subsystem.
4.2.1. Password Storage Mechanisms
There are basically three methods for storing passwords, with each one ...