We'll get right into the implementation because we've already covered the basic material and our objectives in the "Design" section of this chapter. Now we'll put all the pieces together to create the pages and the supporting code to make them work. These are the steps used to tackle our solution:
Define all the settings required for membership, roles, and profiles in web.config.
Create the login box on the master page, and the "access denied" page. To test the login process before creating the registration page, we can easily create a user account from the ASP.NET Web Administration Tool.
Create the registration and profiling page.
Create the password recovery page.
Create the page to change the current password and all the profile information.
Design profiles to save the user's favorite theme, and handle the migration from an anonymous user to an authenticated user so we won't lose his theme preference.
Create the administration pages to display all users, as well as edit and delete them.
4.3.1. The Configuration File
Following is a partial snippet of the web.config file (located in the site's root folder) used to configure the authentication type, membership, role manager, profile, and sitemap provider (in this order):
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> <!-- other settings... --> <system.web> <authentication mode="Forms"> <forms cookieless="AutoDetect" loginUrl="~/AccessDenied.aspx" name="TBHFORMAUTH" /> </authentication> <membership ...