Authenticating and authorizing users is an important part of most Web sites. Traditional desktop applications that need authentication and authorization tend to use the current user's Windows credentials. When writing Web applications, you traditionally had to roll your own username and password system and provide a login form, or use HTTP authentication, which in turn used Windows authentication to authenticate users. You would then implement authorization mechanisms throughout your code to protect your resources.
ASP.NET introduced a framework that provides these common authentication and authorization functions for you. The authentication providers allow you to store usernames and passwords in a database or your web.config file, or let IIS take care of it, using the Windows username and password facilities. The authorization side allows you to control access to pages, classes, and even methods based upon a user's identity. ASP.NET also provides server-side controls for forms-based authentication, including a login form, a registration form to create new users, password reset, and many of the other common functions a Web site may need.
In this chapter, you will learn about the following:
Discovering the current user
Authentication with the forms membership provider
Authentication with the Windows membership provider
How to limit access to parts of your Web site to particular types of user
Using code to limit access to resources on your ...