At this point, if you experimented with the auto-generated ASPNETDB database,
you can delete the two database files, aspnetdb.mdf and aspnetdb_log.ldf,
from your applications App_Data folder.
If youre curious, open the Dorknozzle database using the tool of your choice to
see the new tables that have been createdtheyre shown in Figure 13.9. Youll
notice your database now has 11 new tables whose names start with aspnet.
Figure 13.9. Membership tables in Dorknozzle
Using the ASP.NET Web Site Configuration Tool
After making the configuration changes we mentioned earlier, run the ASP.NET
Web Site Configuration Tool and click the Security tab again. If you look into
the App_Data folder, youll notice that the tool did not create the ASPNETDB
database. Instead, its using the Dorknozzle database.
Its interesting to note that if your application isnt using the ASPNETDB database, youre free to
simply delete its files. This is possible because, as explained earlier, ASPNETDB is a User Instance
database, the files of which are opened and read only when needed.
Chapter 13: Security and User Authentication
Before you start to add users and roles, its worth taking a look around. While
youre viewing the Security tab, click the Select authentication type link. Youll see
two options:
From the Internet
You would normally have to select this option to enable forms authentication,
but since you have already selected that type of authentication by editing
your applications Web.config file, youll find this option is already selected.
However, in future, you might want to use this tool to set your preferred
authentication type, instead of editing the file manually.
From a local network
Had we not specified forms authentication in the Web.config file, this option,
which selects Windows authenticationASP.NETs defaultwould have
been selected instead. If you were to re-select this option at this stage, the
tool would remove the <authentication> tag from your Web.config file,
restoring the default setting.
Leave the From the Internet option selected, and click Done to return to the Security
The Provider tab allows you to change the data provider thats used to store the
security data. Currently, you can only choose AspNetSqlProvider, which uses
SQL Server to store the membership data.
The Application tab shown in Figure 13.10 lets you create and manage application
settings in the form of name-value pairs that will be stored in the Web.config
file. For example, you might want to add a setting named AdminEmail that con-
tained an email address that could be used by your application to send important
administration messages.
Weve already learned to use Web.config to store connection strings within a
dedicated <connectionStrings> tag. Similarly, ASP.NET supports an <appSet-
tings> tag in the same file for the purpose of storing general application settings.
If you click Save, the administration tool will store the setting in your applications
Web.config file:
Pre-release versions of ASP.NET 2.0 also supported the use of Access databases, but that feature
was later replaced with support for the ASPNETDB disconnected database.
Using the ASP.NET Web Site Configuration Tool

Get Build Your Own ASP.NET 2.0 Web Site Using C# & VB, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.