All of the web sites you’ve created in this book, so far, have allowed any user to go to any page. However, in the real world, you often want to restrict access to your web site. There are many reasons you might want to restrict someone’s access to your site: some pages might be free to the public, while others are for registered members only. Or, you might have some parts of your site that only your business partners should access. Or, you might just need to keep out the bad guys. Let’s face it, some people get their kicks, or worse, out of wreaking havoc with other people’s web sites.
In this chapter, you’ll build a functional site with multiple pages, some public and some not. It will include a database of users you will create, and their associated roles. You’ll use the ASP.NET login controls, and see just how easy they are to use and customize to your needs. You’ll then adapt the site to restrict pages to specific roles, and see how to manage your users. In Chapter 10, you’ll see that you can use these same user management tools to allow users to personalize your site to their liking.
Many Internet sites require that users “log in.” This allows the site to restrict access to members, and also allows the user to personalize the site to their individual needs. These include allowing the site to remember the user’s preferences, profile information, shopping cart contents, and so forth, as you’ll see in Chapter 10.
Forms-based security is a ...