The Membership feature comes with two different providers by default: one that works with SQL Server and one that works with Active Directory. The subject of this chapter is the SQL-based provider. This provider is sort of the showcase provider for the Membership feature because it implements the full range of functionality exposed by the Membership API. It can be used by applications with only a handful of user accounts as well as very large sites with hundreds of thousands of user accounts. The provider can be used inside of ASP.NET applications as well as in non-ASP.NET applications. As with the parent Membership feature, SqlMembershipProvider can be used with Low trust and above, although when running it with Low trust, you need to explicitly add SqlClientPermission for the provider to work.
This chapter will cover the following aspects of SqlMembershipProvider in detail:
The common database schema used by all SQL-based providers in ASP.NET.
The database schema that supports SqlMembershipProvider.
Caveats to keep in mind when using SQL Server Express instead of SQL Server.
Security for the Membership database.
How to change password formats.
How to change the way that passwords are automatically generated.
How to use custom encryption.
How to enforce custom password strength rules.
How account lockout works with the provider.
How to extend the provider to implement auto-unlock behavior.
How to support multiple portal-style applications with a single ...